29728 matches found
RHEL 9 : firefox (RHSA-2026:2044)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2044 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
RHEL 8 : firefox (RHSA-2026:2070)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:2070 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
Tanium Reputation Security Vulnerability
Tanium Reputation is a threat intelligence integration engine developed by the American company Tanium. Tanium Reputation has a security vulnerability, which stems from improper access control practices...
Google Chrome Code Execution Vulnerability (CNVD-2026-10652)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that stems from the V8 engine's lack of effective protection against concurrent access to shared resources, which can be exploited by an attacker to execute arbitrary code on...
CVE-2026-25546
Godot MCP is a Model Context Protocol (MCP) server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input (e.g., projectPath) directly to exec, which...
EUVD-2026-5327
Godot MCP is a Model Context Protocol (MCP) server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input (e.g., projectPath) directly to exec, which...
CVE-2026-25526 JinJava Bypass through ForTag leads to Arbitrary Java Execution
JinJava is a Java-based template engine based on Django template syntax, adapted to render Jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via bypass through ForTag. This allows arbitrary Java class instantiation and file access bypassing...
CVE-2026-20056
A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is du...
CVE-2026-20056 Cisco Secure Web Appliance TBD Bypass Vulnerability
A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is du...
EUVD-2026-5425
A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is du...
CVE-2025-71195 dmaengine: xilinx: xdma: Fix regmap max_register
In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix regmap max_register. The max_register field is assigned the size of the register memory region instead of the offset of the last register. The result is that reading from the regmap via debugfs can cause...
Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft
Detections for the CVE-2026-21509 vulnerability in MS Office...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview: directorytree/imapengine is a fully-featured IMAP library -- without the PHP extension. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the id function in ImapConnection.php due to...
EUVD-2026-5155
Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control...
Docker Desktop 4.44.3 - Unauthenticated API Exposure
Exploit Title: Docker Desktop 4.44.3 - Unauthenticated API Exposure Date: 2025-10-06 Exploit Author: OilSeller2001 Vendor Homepage: https://www.docker.com/ Software Link: https://www.docker.com/products/docker-desktop/ Version: Affected on Windows and macOS versions prior to 4.44.3 Tested on:...
PT-2026-6079
Name of the Vulnerable Software and Affected Versions: Cisco AsyncOS Software for Cisco Secure Web Appliance (affected versions not specified). Description: A flaw in the Dynamic Vectoring and Streaming (DVS) Engine implementation may allow a remote, unauthenticated attacker to circumvent the anti-malwa...
Cisco Secure Web Appliance Security Vulnerability
Cisco Secure Web Appliance is an application developed by the American company Cisco. It is used to protect websites. There is a security vulnerability in Cisco Secure Web Appliance, which stems from the dynamic vector and stream engine’s improper handling of certain archive files. This...
CVE-2026-1341
Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control...
CVE-2026-1341 Missing Authentication for Critical Function in Avation Light Engine Pro
Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control...