PT-2026-37205

Name of the Vulnerable Software and Affected Versions AzuraCast versions prior to 0.23.6 Description The ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header without a trusted proxy allowlist. An unauthenticated attacker can exploit this by injecting...

PT-2026-37111

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.44 Traefik versions prior to 3.6.15 Traefik versions prior to 3.7.0-rc.3 Description An information disclosure issue exists in the errors custom error pages middleware. When a backend returns a response matching...

PT-2026-36839

Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming...

RHEL 10 / 9 : Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update (Important) (RHSA-2026:13508)

The remote Redhat Enterprise Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13508 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

CImg 安全漏洞

CImg is a small open-source C++ toolkit for image processing, developed by GREYC. CImg has a security vulnerability that stems from the lack of validation of the nbcolors field in BMP file headers. This vulnerability may lead to excessive memory allocation and cause a system to crash due to...

PT-2026-38251

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.22 Description OpenClaw derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can bypass owner-gated operations by manipulating the...

Traccar GPS Tracking System 6.11.1 - Cross-Site WebSocket Hijacking (CSWSH)

Exploit Title: Traccar GPS Tracking System 6.11.1 - Cross-Site WebSocket Hijacking CSWSH Date: 2026-02-26 Exploit Author: Hazar Taspinar Vendor Homepage: https://www.traccar.org/ Software Link: https://github.com/traccar/traccar Version: = 6.11.1 Tested on: Windows 11 / Linux CVE: CVE-2025-68930...

PT-2026-36915

Name of the Vulnerable Software and Affected Versions @fastify/accepts-serializer versions prior to 6.0.4 Description An issue exists where serializer-selection results are cached using the request Accept header as a key without a size limit or eviction policy. A remote unauthenticated client can...

RHCOS 1 : activemq (RHSA-2014:0254)

The remote Red Hat Enterprise Linux CoreOS 1 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0254 advisory. - HawtJNI: predictable temporary file name leading to local arbitrary code execution CVE-2013-2035 - Framework: XML External Entity...

RHCOS 2 : activemq (RHSA-2014:0245)

The remote Red Hat Enterprise Linux CoreOS 2 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0245 advisory. - HawtJNI: predictable temporary file name leading to local arbitrary code execution CVE-2013-2035 - Framework: XML External Entity...

phpBB 授权问题漏洞

phpBB is a set of web forum software developed by Ariefibis. Versions prior to phpBB 3.3.16 had authorization-related vulnerabilities. This vulnerability stemmed from host header injection, which could lead to malicious password reset links. When forceservervars is disabled, the server’s hostname...

PT-2026-37097

Name of the Vulnerable Software and Affected Versions Incus versions prior to 7.0.0 Description An authenticated user can cause the daemon to make blind outbound HEAD requests to arbitrary destinations. This occurs because the image import flow issues a request to a user-supplied URL via the...

PT-2026-36770

Name of the Vulnerable Software and Affected Versions phpBB versions prior to 3.3.16 Description Host Header Injection occurs when force server vars is disabled, allowing the server's hostname to be extracted from the HTTP Host header to generate password reset link URLs. An attacker capable of...

RHEL 9 : .NET 9.0 (RHSA-2026:13282)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13282 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: Bonding: Do not assume that the skbmacheader is set. Drivers must not assume in their ndostartxmit function that skbs have their macheader set. skb-data is sufficient. Bonding seems to be one of the last vulnerabilities that a...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: - Do not allow gsosize to be set to GSOBYFRAGS. - A missing check in virtionethdrtoskb allowed syzbot to crash kernels again. Do not allow gsosize to be set to GSOBYFRAGS 0xffff, because this magic value is used by the kernel...

Astra Linux - уязвимость в ruby-sinatra

Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there was a denial-of-service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method was used when constructing the response. Carefully crafted...

Astra Linux - уязвимость в requests

Requests is an HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This issue arises due to the way we use rebuildproxies to reattach the Proxy-Authorization header to requests. For HTTP connections...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: tun: Missing verification for short frames was added. The referenced commit failed to check the validity of the frame length in the tunxdpone path, which could result in a corrupted skb being sent down the stack. Even before the...

Astra Linux - уязвимость в tomcat9

Improper handling of exceptional conditions, and uncontrolled resource consumption vulnerabilities in Apache Tomcat. When processing an HTTP/2 stream, Tomcat failed to correctly handle some cases of excessive HTTP headers. This resulted in an incorrect count of active HTTP/2 streams, leading to t...