Exploit for CVE-2026-40175
CVE-2026-40175 — Axios CRLF Injection / HTTP Request Smuggling...
USN-8182-1: Rack vulnerabilities
Andrew Lacambra discovered that Rack did not properly parse certain regular expressions. An attacker could possibly use this issue to bypass network security filters. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. CVE-2026-26961 William T. Nelson...
USN-8182-1 ruby-rack vulnerabilities
Andrew Lacambra discovered that Rack did not properly parse certain regular expressions. An attacker could possibly use this issue to bypass network security filters. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. CVE-2026-26961 William T. Nelson...
SUSE SLED15 / SLES15 Security Update : python-PyJWT (SUSE-SU-2026:1400-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1400-1 advisory. - CVE-2026-32597: Fixed unknown crit header extensions accepts bsc1259616. Tenable has extracted the preceding...
MiracleLinux 9 : nodejs:24 (AXSA:2026-449:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-449:01 advisory. nodejs: Nodejs denial of service CVE-2026-21637 brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-2554...
SUSE SLES15 Security Update : azure-storage-azcopy (SUSE-SU-2026:1395-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1395-1 advisory. - CVE-2026-33186: Authorization bypass in grpc-go due to improper validation of the HTTP/2 :path pseudo-header bsc1260307. Tenable has...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007567)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007567 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv Apply the same fix than ones found i...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007441)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007441 advisory. In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Raw IP packets have no MAC heade...
MiracleLinux 9 : nodejs:22 (AXSA:2026-446:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-446:01 advisory. brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547 minimatch: minimatch: Denial of Service via...
SUSE SLES12 Security Update : python3 (SUSE-SU-2026:1385-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1385-1 advisory. - CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined bsc1259611. - CVE-2026-3479: improper...
MiniUPnP Security Vulnerability
MiniUPnP is a set of UPnP tools developed by the Miniupnp project, which can be used in embedded systems. These tools enable devices in home and corporate networks to connect with each other. MiniUPnP has a security vulnerability, stemming from integer underflow in the parsing of SOAPAction...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007421)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007421 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets in ipv6_gso_segment syzbot was able to craft a packet with very long...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007585)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007585 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix null-deref in agg_dequeue To prevent a potential crash in agg_dequeue...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Rack vulnerabilities (USN-8182-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8182-1 advisory. Andrew Lacambra discovered that Rack did not properly parse certain regular...
Unity Linux 20.1070a Security Update: pcs (UTSA-2026-007287)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007287 advisory. Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007341)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007341 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix memory leak in ocfs2_stack_glue_init ocfs2_table_header should be free in ocfs2_stack_glue_ini...
PT-2026-33521
miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting...
PT-2026-33517
Name of the Vulnerable Software and Affected Versions: HomeBox versions prior to 0.25.0. Description: An issue exists where the defaultGroup ID remains permanently assigned to a user after their access to a group is revoked. Although the web interface enforces this revocation, the API does not...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007396)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007396 advisory. In the Linux kernel, the following vulnerability has been resolved: net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment As the call trace shows,...
PCLink 4.1.1 Authentication Bypass / Code Execution
PCLink version 4.1.1 trusts localhost requests with the "X-Internal-Auth: true" header, bypassing all authentication. Combined with unrestricted extension installation, this allows arbitrary code execution. Exploit Title: PCLink v4.1.1 - Authentication Bypass Leading to Remote Code Execution Date...