CVE-2026-45626 Arcane: OS Command Injection in Volume Browser ListDirectory via path query parameter
Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/id/volumes/volumeName/browse accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside an Arcane helper container. The path sanitis...
CLSA-2026-1779212665 php: Fix of 14 CVEs
CVE-2018-5711: fix infinite loop in gdImageCreateFromGifCtx - CVE-2018-5712: remove file name from phar stub error output XSS - CVE-2018-10545: do not set PR_SET_DUMPABLE in php-fpm workers by default - CVE-2018-10546: fail iconv_mime_decode on invalid multibyte sequences - CVE-2018-10547: escape...
CLSA-2026-1778015406 cifs-utils: Fix of CVE-2022-29869
CVE-2022-29869: avoid leaking sensitive credential file content via verbose stderr in mount.cifs option parsing...
Astra Linux - vulnerability in jetty9
In Eclipse Jetty versions 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location in the output of the 404 error for not finding a Context that matches...
PT-2026-22592
A reflected Cross-Site Scripting XSS vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter e.g., to the FileRead function. This occurs because the error...
CVE-2025-65465
A reflected Cross-Site Scripting XSS vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter e.g., to the FileRead function. This occurs because the error...
Linux Distros Unpatched Vulnerability : CVE-2019-17632
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content in text/html and...
EulerOS 2.0 SP10 : git (EulerOS-SA-2025-1512)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Git is a source code management tool. When cloning from a server, fetching, or pushing, informational or error messages are transported from the...
Security update for cloud-regionsrv-client, python-toml
This update for cloud-regionsrv-client, python-toml contains the following fixes: cloud-regionsrv-client: - Update to 10.3.11 bsc1234050 + Send registration code for the extensions, not only base product Update to 10.3.9: bsc1234050 Send registration code for the extensions, not only base product...
CVE-2024-52005
A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with "remote:" and printed directly to the standard error output. Typically, thi...
Microsoft PowerShell 7.2.x < 7.2.17 / 7.3.x < 7.3.10 / 7.4.x < 7.4.0 Information Disclosure (macOS)
The version of Microsoft PowerShell installed on the remote macOS host is 7.2.x prior to 7.2.17, 7.3.x prior to 7.3.10 or 7.4.x prior to 7.4.0. It is, therefore, affected by an information disclosure vulnerability. According to the Microsoft Security Advisory, there exists an unspecified error ca...
Authenticated SQL Injection in OpenSIS Classic v9.0 and earlier
Description SQL injection in OpenSIS Classic v9.0 and earlier allows remote authenticated attackers to execute SQL code via the id parameter in MassScheduleModal.php leading to full database information disclosure. Version At the time of reporting, the most up-to-date version of the master branch...
xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...
CVE-2022-38149
HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by the template.Template.Execute method, when given a template using Vault secret contents incorrectly. Fixed in 0.27.3, 0.28.3, and 0.29.2...
Denial Of Service (DoS)
mbedtls is vulnerable to denial of service. The vulnerability exists through a buffer overread when the DTLS server with MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE in use receives a ClientHello message with a cookie whose declared length exceeds the end of the allocated buffer, which allows an attacker to caus...
PT-2021-15885 · WordPress · This Gallery From Files
Name of the Vulnerable Software and Affected Versions: This Gallery from files WordPress plugin versions 1.6.0 and earlier Description: The issue arises from the improper sanitization of filenames before being output in an error message when they have an invalid extension, leading to a reflected...
Mail.ru: Disclosure of the local file path [geekbrains.ru]
Verbose error output was enabled on lms-beta.geekbrains.ru...
patch security and bug fix update
2.7.6-11 - Related: 1733565, apply the patch correctly 2.7.6-10 - CVE-2019-13636, Don't follow symlinks unless --follow-symlinks is given - Resolves: 1665928, patch has a huge error output and segfaults when the file to be patched does not exist...
Eclipse Jetty Cross-Site Scripting Vulnerability (CNVD-2021-28275)
Jetty is a pure Java-based web server and Java Servlet container. A cross-site scripting vulnerability exists in Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118. The vulnerability stems from an exception message in stacktraces contained in the generated unescaped...
UBUNTU-CVE-2019-17632
In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content in text/html and text/json Content-Type does not escape Exception messages in stacktraces included in error output...