590155 matches found
Important: Red Hat Security Advisory: python3.9 security update
An update for python3.9 is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Typecho-GetText-eval-RCE-PoC
Typecho GetText Plural-Forms eval Remote Code Execution...
CVE-2026-4408
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...
CVE-2026-4408
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...
CVE-2026-4408 Samba: remote code execution in samr
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...
CVE-2026-4408 Samba: remote code execution in samr
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...
CVE-2026-4408
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...
CVE-2026-4408
CVE-2026-4408 : Samba remotely executes code due to a misconfiguration in the “check password script” feature when the script uses the %u substitution. The client-supplied username is passed with insufficient escaping of shell meta-characters, enabling remote command execution on affected systems...
CVE-2026-4408
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...
cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI
A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...
CVE-2026-9227 GutenBee <= 2.20.1 - Authenticated (Author+) Arbitrary File Upload via wp_check_filetype_and_ext Filter
The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbeefileandextjson function. This is due to a flawed strpos substring check that only verifies whether the filename contains the string '.json' rath...
EUVD-2026-32732
The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbeefileandextjson function. This is due to a flawed strpos substring check that only verifies whether the filename contains the string '.json' rath...
CVE-2026-9227 GutenBee <= 2.20.1 - Authenticated (Author+) Arbitrary File Upload via wp_check_filetype_and_ext Filter
The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbeefileandextjson function. This is due to a flawed strpos substring check that only verifies whether the filename contains the string '.json' rath...
CVE-2026-9227
The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbeefileandextjson function. This is due to a flawed strpos substring check that only verifies whether the filename contains the string '.json' rath...
Exploit for CVE-2026-42945
CVE-2026-42945 — NGINX Rift Heap Buffer Overflow in NGINX...
CVE-2026-9009
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filtercontent function. This is due to passing the attacker-supplied 'callbackraw' shortcode attribute directly into calluserfunc with n...
Directory Traversal
Overview org.jenkins-ci.plugins:credentials-binding is a plugin that allows credentials to be bound to environment variables for use from miscellaneous build steps. Affected versions of this package are vulnerable to Directory Traversal due to improper sanitization of file names for file and zip...
XCharge C6
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to gain administrator rights or execute code on the affected device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities...
CP Plus 8 Ch. Network Video Recorder
ADVISORY SUMMARY Successful exploitation of this vulnerability allows an attacker's malicious script to execute in the browser of any authenticated user or administrator who accesses the affected interface. This could lead to compromise of user sessions, execution of unauthorized actions with...
CVE-2026-44604
A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...