Lucene search

52 matches found

Cvelist
added 2026/03/27 8:10 a.m. · 24 views

CVE-2026-27856

Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm http service port,...

CVSS 7.4 · EPSS 0.00029
Exploits 1 · References 1

OSV
added 2026/03/27 12:0 a.m. · 1 view

UBUNTU-CVE-2026-27856

Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm http service port,...

CVSS 7.4 · AI score 5.8 · EPSS 0.00029
Exploits 1 · References 3

CVE
added 2026/02/18 11:5 p.m. · 7 views

CVE-2026-24126

CVE-2026-24126 (Weblate) : The SSH host-key management endpoint accepts the admin-supplied host value and forwards it to ssh-keyscan without validation, enabling argument injection and potential arbitrary local-file read by the web server user. Affected: Weblate versions ≤ 5.15.2; Impact: read se...

CVSS 9.1 · AI score 5.5 · EPSS 0.00013
Exploits 3 · References 3 · Affected Software 1

Positive Technologies
added 2026/02/17 12:0 a.m. · 4 views

PT-2026-20332

Name of the Vulnerable Software and Affected Versions: Windows Admin Center versions prior to 2511 Description: An improper authentication issue exists in Windows Admin Center, potentially allowing an authorized attacker to elevate privileges on a network. The vulnerability, identified as...

CVSS 9 · AI score 8.4 · EPSS 0.00066
Exploits 0 · References 73

Positive Technologies
added 2026/02/17 12:0 a.m. · 2 views

PT-2026-20549

Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 5.16.0 Description: Weblate is a web-based localization tool. The SSH management console did not validate input when adding an SSH host key, potentially leading to an argument injection into the ssh-add function. This...

CVSS 9.1 · AI score 5.3 · EPSS 0.00013
Exploits 3 · References 13

Tenable Nessus
added 2025/12/03 12:0 a.m. · 4 views

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2025:4301-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4301-1 advisory. The SUSE Linux Enterprise 15 SP6 RT kernel was updated to fix various security issues The following security issues were fixed: -...

CVSS 9.8 · AI score 7 · EPSS 0.00097
Exploits 3 · References 596

Microsoft CVE
added 2025/09/07 8:14 a.m. · 3 views

tracing: Limit access to parser->buffer when trace_get_user failed

...

CVSS 7.1 · AI score 6.8 · EPSS 0.00024
Exploits 0

Vulnrichment
added 2025/08/11 9:25 p.m. · 1 view

CVE-2025-55012 Zed AI Agent Remote Code Execution

Zed is a multiplayer code editor. Prior to version 0.197.3, in the Zed Agent Panel allowed for an AI agent to achieve Remote Code Execution RCE by bypassing user permission checks. An AI Agent could have exploited a permissions bypass vulnerability to create or modify a project-specific...

CVSS 8.5 · AI score 8.3 · EPSS 0.00036
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 11:55 p.m. · 5 views

CVE-2022-23615

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can save a document with the right of the current user which allow accessing API requiring programming right if the current user has programming...

CVSS 5.5 · AI score 6.7 · EPSS 0.00047
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 4:8 p.m. · 6 views

CVE-2020-11124

Possible use-after-free while accessing diag client map table since list can be reallocated due to exceeding max client limit in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, QCS404,...

CVSS 7.8 · AI score 7.2 · EPSS 0.00037
Exploits 0 · References 1

Positive Technologies
added 2025/04/03 12:0 a.m. · 5 views

PT-2025-14795

Name of the Vulnerable Software and Affected Versions: Gladinet CentreStack versions prior to 16.4.10315.56368 Gladinet Triofox versions prior to 16.4.10317.56372 Description: Gladinet CentreStack and Triofox are affected by a deserialization vulnerability due to the use of a hardcoded machineKey i...

CVSS 9.8 · AI score 10 · EPSS 0.85362
Exploits 6 · References 162

Positive Technologies
added 2025/02/28 12:0 a.m. · 2 views

PT-2025-9131

Name of the Vulnerable Software and Affected Versions: TOTOlink A3002R version V1.1.1-B20200824.0128 Description: The issue arises from a buffer overflow due to improper input validation of the pppoe dns1 parameter in the formIpv6Setup interface of the /bin/boa endpoint. Recommendations: For...

CVSS 8 · AI score 6.6 · EPSS 0.00084
Exploits 1 · References 7

Citrix
added 2024/09/26 12:0 a.m. · 2 views

How to limit NetScaler Management access

With this document you may limit the NetScaler Management access to certain IP address/es...

AI score 7
Exploits 0

Positive Technologies
added 2024/09/23 12:0 a.m. · 1 view

PT-2024-10413 · IBM · IBM Storage Defender

Name of the Vulnerable Software and Affected Versions: IBM Storage Defender versions 2.0.0 through 2.0.7 Description: The issue is related to the IBM Storage Defender's Defender Sensor component, which has incorrect data encryption. This could allow a remote attacker to obtain sensitive informati...

CVSS 7.5 · AI score 6.5 · EPSS 0.00053
Exploits 0 · References 7

Positive Technologies
added 2024/09/09 12:0 a.m. · 2 views

PT-2024-6387 · Zyxel · Zyxel NAS326 +1

Name of the Vulnerable Software and Affected Versions: Zyxel NAS326 versions through V5.21AAZF.18C0 Zyxel NAS542 versions through V5.21ABAG.15C0 Description: A command injection vulnerability in the export-cgi program of Zyxel NAS326 and NAS542 firmware could allow an unauthenticated attacker to...

CVSS 9.8 · AI score 8.4 · EPSS 0.066
Exploits 0 · References 33

The Hacker News
added 2024/08/14 5:18 a.m. · 26 views

Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin Access

Ivanti has rolled out security updates for a critical flaw in Virtual Traffic Manager vTM that could be exploited to achieve an authentication bypass and create rogue administrative users. The vulnerability, tracked as CVE-2024-7593, has a CVSS score of 9.8 out of a maximum of 10.0. "Incorrect...

CVSS 9.8 · AI score 8.8 · EPSS 0.94436
Exploits 5

Positive Technologies
added 2024/05/18 12:0 a.m. · 1 view

PT-2024-34460 · SourceCodester · SourceCodester Best House Rental Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Best House Rental Management System version 1.0 Description: A critical vulnerability has been found in the SourceCodester Best House Rental Management System, affecting the file login.php. The manipulation of the username and...

CVSS 9.8 · AI score 7.9 · EPSS 0.00106
Exploits 1 · References 11

Positive Technologies
added 2024/04/18 12:0 a.m. · 2 views

PT-2024-19938 · HCL · HCL Connections

Name of the Vulnerable Software and Affected Versions: HCL Connections versions 7.0 through 8.0 Description: HCL Connections contains a user enumeration vulnerability. Certain actions could allow an attacker to determine if a user is valid or not, leading to a possible brute force attack. This...

CVSS 3.5 · AI score 7.3 · EPSS 0.00382
Exploits 0 · References 7

Positive Technologies
added 2024/04/04 12:0 a.m. · 1 view

PT-2024-6453 · D-Link · D-Link DNS-321 +16

Name of the Vulnerable Software and Affected Versions: D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 affected versions not specified...

CVSS 9.8 · AI score 9.5 · EPSS 0.42268
Exploits 1 · References 14

Positive Technologies
added 2024/01/14 12:0 a.m. · 1 view

PT-2024-1461 · Tenda · Tenda W9

Name of the Vulnerable Software and Affected Versions: Tenda W9 version 1.0.0.74456 Description: The issue is related to a critical vulnerability in the setWrlBasicInfo function of the httpd component. This vulnerability allows for a stack-based buffer overflow due to the manipulation of the...

CVSS 10 · AI score 8.1 · EPSS 0.00135
Exploits 0 · References 8