CVE-2026-38329

Bludit CMS is affected pre-3.18.4. The API Plugin's POST /api/files/{key} endpoint in bl-plugins/api/plugin.php fails authorization checks and lacks file extension validation, enabling an attacker with a valid API token to upload a PHP script and execute arbitrary code on the server (Remote Code ...

RHEL 9 : gimp (RHSA-2026:25899)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25899 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...

RHEL 8 : redis:6 (RHSA-2026:26008)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26008 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...

GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability

Summary A stack overflow vulnerability exists in the WebCam Server Login functionality of GV-VMS V20 versions: 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. Confirmed Vulnerable...

Important: redis:6 security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

RHEL 9 : gimp (RHSA-2026:25901)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25901 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...

GeoVision GV-VMS V20 WebCam Server stack overflow vulnerabilities

Summary Multiple exploitable stack overflow vulnerabilities exist in the WebCam Server functionality of GV-VMS V20 versions: 20.0.2. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities...

RHEL 9 : samba (RHSA-2026:25979)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25979 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...

Exploit for CVE-2022-30190

Explotación de Follina CVE-2022-30190 Follina CVE-2022-3...

CVE-2026-11526

The CVE-2026-11526 issue affects GD for Perl (versions before 2.86). The vulnerability lies in GD::Image::_make_filehandle, which uses a 2-arg open() on filename arguments, causing any filename starting/ending with a pipe or redirect to be executed as a command or redirected, leading to OS comman...

CVE-2026-11526 GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

Malicious code in npm-sandbox-research-e9f0 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a18a9932f78294e22aa0a85077b9318233ab0952bc8788ae8987fce3e5002c93 Package declares a postinstall hook "postinstall": "node run.js" that executes automatically on npm install. The tarball ships beacon scripts...

MAL-2026-5762 Malicious code in npm-sandbox-research-e9f0 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a18a9932f78294e22aa0a85077b9318233ab0952bc8788ae8987fce3e5002c93 Package declares a postinstall hook "postinstall": "node run.js" that executes automatically on npm install. The tarball ships beacon scripts...

Malicious code in npm-sandbox-research-d7e8 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ff31cbf7e2e36cef422933472638912cd6ee6652ece9b03d11faa98b70d13e9 Package declares a postinstall lifecycle hook "postinstall": "node run.js" that auto-executes on install. The package ships beacon scripts beacon12.j...

MAL-2026-5761 Malicious code in npm-sandbox-research-d7e8 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ff31cbf7e2e36cef422933472638912cd6ee6652ece9b03d11faa98b70d13e9 Package declares a postinstall lifecycle hook "postinstall": "node run.js" that auto-executes on install. The package ships beacon scripts beacon12.j...

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

CVE-2026-23744 – MCPJam Inspector Unauthenticated Remote Code...

SUSE SLES15 Security Update : unbound (SUSE-SU-2026:2369-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2369-1 advisory. This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278:...

PT-2026-49109

Name of the Vulnerable Software and Affected Versions Config::IniFiles versions prior to 3.001000 Description OS command injection and file overwrite are possible through the make filehandle function. This occurs because the function uses Perl's 2-arg open to process the -file argument. If a...

Malicious code in @gbrlxvi/ts-form-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20e77262ebb59497687fabfba394959da9ce6afbaf436aa5fcf654b2c8a44a32 Package advertises trivial form-validation helpers notEmpty/isEmail/isPhone/maxLen/minLen but on require/import of the main module performs an...

MAL-2026-5753 Malicious code in @gbrlxvi/ts-form-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20e77262ebb59497687fabfba394959da9ce6afbaf436aa5fcf654b2c8a44a32 Package advertises trivial form-validation helpers notEmpty/isEmail/isPhone/maxLen/minLen but on require/import of the main module performs an...