927 matches found
Microsoft ASP.NET Core Security Vulnerability
Microsoft ASP.NET Core is a cross-platform open-source framework developed by Microsoft. This framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. There are security vulnerabilities in Microsoft ASP.NET Core. Attackers can exploit...
Linux Distros Unpatched Vulnerability : CVE-2026-43060
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nft_ct: drop pending enqueued packets on removal Packets sitting in nfqueue might hold a reference to: - templates that specify the conntrack zone,...
ctf-scripts
CTF Scripts A collection of automation scripts and exploit templates...
EUVD-2026-25125
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic...
CVE-2026-35175
Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user using the auth_users plugin authentication method could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15...
Linux Distros Unpatched Vulnerability : CVE-2025-66038
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a compact-TLV buffer for a given tag. In...
CVE-2026-3587 Hidden CLI Function Allows Root Access
An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device...
CVE-2026-3587
CVE-2026-3587 describes an unauthenticated remote vulnerability where an attacker can exploit a hidden function in the CLI prompt to escape the restricted interface on a Linux-based OS, resulting in full device compromise. The CVSSv3.1 vector (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) yields a base sc...
EUVD-2026-12786
A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges...
CVE-2026-22317
A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges...
CVE-2026-22317 Command Injection Vulnerability in Root CA Certificate Transfer Workflow
A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges...
PT-2026-26033
A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges...
PT-2026-25954
CVE-2026-3856 IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integ… https://t.co/3y33wLJj0n...
Linux Distros Unpatched Vulnerability : CVE-2026-29775
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache...
ROS-20260313-73-0021
A vulnerability in the raid10_make_request function of the raid10 component of the Linux kernel is related to a failure to free memory after its effective lifetime. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
CVE-2026-3843
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-89) in the system configuration module. A remote attacker can send specially crafted HTTP POST requests to the /php/request.php endpoint via the sql parameter in...
Linux Distros Unpatched Vulnerability : CVE-2025-69653
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A crafted JavaScript input can trigger an internal assertion failure in QuickJS release 2025-09-13, fixed in commit 1dbba8a88eaa40d15a8a9b70bb1a0b8fb5b552e6...
CVE-2026-27975 Ajenti has a potential Remote Code Execution
Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. This is fixed in version 2.2.13...