37 matches found
EulerOS Virtualization 2.13.0 : util-linux (EulerOS-SA-2026-2420)
According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerabilit...
SUSE-SU-2026:2083-1 Security update for rsync
This update for rsync fixes the following issues - CVE-2026-29518: Symlink-Race TOCTOU in Daemon bsc1264511. - CVE-2026-41035: count of entries mismatch can lead to a use-after-free bsc1262223. - CVE-2026-43617: Authorization Bypass via Hostname Resolution bsc1264515. - CVE-2026-43618: Integer...
SUSE SLES12 Security Update : rsync (SUSE-SU-2026:2048-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2048-1 advisory. This update for rsync fixes the following issues - CVE-2026-29518: Symlink-Race TOCTOU in Daemon bsc1264511. - CVE-2026-43617: Authorization...
SUSE-SU-2026:2048-1 Security update for rsync
This update for rsync fixes the following issues - CVE-2026-29518: Symlink-Race TOCTOU in Daemon bsc1264511. - CVE-2026-43617: Authorization Bypass via Hostname Resolution bsc1264515. - CVE-2026-43618: Integer Overflow Information Disclosure bsc1264512. - CVE-2026-43620: Out-of-Bounds Array Read...
SUSE-SU-2026:2038-1 Security update for rsync
This update for rsync fixes the following issues - CVE-2026-29518: Symlink-Race TOCTOU in Daemon bsc1264511. - CVE-2026-41035: Count of entries mismatch can lead to a use-after-free bsc1262223 - CVE-2026-43617: Authorization Bypass via Hostname Resolution bsc1264515. - CVE-2026-43618: Integer...
CVE-2026-42260 Open-WebSearch: SSRF in `fetchWebContent` MCP tool: bracketed IPv6 literals and non-resolving hostname check bypass `isPrivateOrLocalHostname`
Open-WebSearch is a multi-engine MCP server, CLI, and local daemon for agent web search and content retrieval. Prior to 2.1.7, isPublicHttpUrl / assertPublicHttpUrl in src/utils/urlSafety.ts do not recognize bracketed IPv6 literals and do not resolve DNS, which combine to allow non-blind SSRF wit...
OpenClaw Security Vulnerability
OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities were due to browser navigation strategies that involved server-side request forgery, which potentially allowed...
SUSE SLED15: libblkid-devel / libblkid-devel-static / libblkid1 / etc (SUSE-SU-2026:1406-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1406-1 advisory. Security issue: - CVE-2026-3184: access control bypass due to improper hostname canonicalization in login bsc1258859. N...
SUSE CVE-2026-29777
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, a tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can...
Vulnerabilities fixed in Fortinet FortiWeb
Fortinet has fixed vulnerabilities in FortiWeb Versions 7.0 to 8.0.1. The vulnerabilities include an ability for remote unauthenticated attackers to bypass hostname restrictions, an OS command injection vulnerability within the FortiWeb API, and the ability to bypass authentication rate-limits...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via unsanitized header or query parameter match values in the HTTPRoute resource. An attacker can bypass listener hostname constraints and...
CVE-2026-29777
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, a tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can...
CVE-2025-48840
An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unauthenticated attacker to bypass hostname restrictions via a specially crafted request...
CVE-2025-59060
Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...
CVE-2025-59060 Apache Ranger: Hostname verification bypass in NiFiRegistryClient and NifiClient
Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...
Craft CMS Code Issue Vulnerability
Craft CMS is an open-source content management system developed by Craft CMS. There were code vulnerabilities in the versions of Craft CMS from 3.5.0 to 4.16.17, and from 5.0.0-RC1 to 5.8.21. These vulnerabilities stemmed from a GraphQL mutation in the saveimagesAsset function, which could be...
Exploit for Incorrect Authorization in Sudo_Project Sudo
CVE-2025-32462 – Sudo Hostname Bypass Privilege Escalation...
EUVD-2025-202627
A Server-Side Request Forgery SSRF vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...
CVE-2025-65512
A Server-Side Request Forgery SSRF vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...