62793 matches found
CVE-2026-8927
When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...
CVE-2026-8927
CVE-2026-8927 involves libcurl when reusing a handle for sequential transfers driven by environment-variable proxies. The root cause is failure to clear proxy authentication state between requests, causing a Digest-auth session authenticated to proxyA to leak the Proxy-Authorization header to pro...
SUSE CVE-2026-54672
electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty path component when setting the LDLIBRARYPATH environment variable at runtime. This causes the current working directory to be added to the dynamic linke...
Fedora 45 : rust-fern / rust-ifcfg-devname / rust-routinator / rust-rpki / etc (2026-188f731254)
The remote Fedora 45 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-188f731254 advisory. Update routinator to the latest, pulling in updated dependencies rpki and syslog, and switch fern to using syslog 7 instead of 6 for this update, an...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : curl vulnerabilities (USN-8487-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8487-1 advisory. Andrew Nesbitt discovered that curl could reuse an existing live connecti...
Ubuntu 22.04 LTS / 24.04 LTS : Linux kernel (Low Latency) vulnerabilities (USN-8497-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8497-1 advisory. It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as...
Ubuntu 26.04 LTS : Linux kernel (OEM) vulnerabilities (USN-8489-1)
"The remote Ubuntu 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8489-1 advisory. It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag....
Ubuntu 24.04 LTS : Linux kernel (Xilinx) vulnerabilities (USN-8499-1)
"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8499-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A...
📄 Cacti 1.2.30 Remote Code Execution
Cacti versions 1.2.30 and below authenticated remote code execution exploit that uses variable injection via graph rendering. Written in Python. ================================================================================================================================== | Title : Cacti ≤...
Unbreakable Enterprise kernel security update
5.15.0-322.203.3.2 - KVM: x86/mmu: Ensure hugepage is in by slot before checking max mapping level Sean Christopherson Orabug: 39673886 - KVM: x86: Fix shadow paging use-after-free due to unexpected role Paolo Bonzini Orabug: 39673886 - KVM: x86: Fix shadow paging use-after-free due to unexpected...
📄 Cacti 1.2.30 Remote Code Execution
This Metasploit module is an authenticated remote code execution exploit for Cacti versions 1.2.30 and below. ================================================================================================================================== | Title : Cacti ≤ 1.2.30 Authenticated RCE via Host...
📄 Cockpit CMS 2.13.5 Cross Site Scripting / Account Takeover
Cockpit CMS versions 2.13.5 and below suffer from persistent cross site scripting and cross site request forgery vulnerabilities. CVE-2026-39275 - Stored XSS Leading to Account Takeover in Cockpit CMS Note: Responsibly disclosed to and patched by the Cockpit CMS maintainers prior to publication. ...
GHSA-JPHH-M39H-6GWX 9router's Hardcoded Default fallback JWT Secret Allows Authentication Bypass
Summary 9router uses a publicly known hardcoded string "9router-default-secret-change-me" as the fallback of JWT secret for all Dashboard session JWTs when the JWTSECRET environment variable is not set. Because this secret is committed in the public repository and unchanged across all releases, a...
9router's Hardcoded Default fallback JWT Secret Allows Authentication Bypass
Summary 9router uses a publicly known hardcoded string "9router-default-secret-change-me" as the fallback of JWT secret for all Dashboard session JWTs when the JWTSECRET environment variable is not set. Because this secret is committed in the public repository and unchanged across all releases, a...
Security Bulletin: Multiple vulnerabilities that affects IBM Db2 Genius Hub
Summary The following dependency packages are being used by IBM Db2 Genius Hub. flatted-3.3.3.tgz , axios-1.15.1.tgz, immutable-4.0.0-rc.12.tgz , lodash-4.17.23.tgz, jspdf-3.0.2.tgz , swiper-11.2.10.tgz , picomatch-2.3.1.tgz , axios-1.12.2.tgz , router-1.23.0.tgz , minimatch-10.2.1.tgz ,...
GHSA-GG9X-QCX2-XMRH joserfc: HS256/HS384/HS512 verify accepts empty/nil HMAC key (cross-language sibling of CVE-2026-45363)
Summary joserfc.jwt.decode accepts attacker-forged HMAC-signed tokens when the caller-supplied verification key is the empty string or None. HMACAlgorithm.sign and HMACAlgorithm.verify in src/joserfc/rfc7518/jwsalgs.py:62-70 feed whatever OctKey.getopkey... produced into hmac.new..., and...
joserfc: HS256/HS384/HS512 verify accepts empty/nil HMAC key (cross-language sibling of CVE-2026-45363)
Summary joserfc.jwt.decode accepts attacker-forged HMAC-signed tokens when the caller-supplied verification key is the empty string or None. HMACAlgorithm.sign and HMACAlgorithm.verify in src/joserfc/rfc7518/jwsalgs.py:62-70 feed whatever OctKey.getopkey... produced into hmac.new..., and...
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 22, 2026 to June 28, 2026)
Last week, there were 199 vulnerabilities disclosed in 169 WordPress Plugins and 9 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 111 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...
GHSA-3RJW-M598-PQ24 Cmov/CmovEq on aarch64 can produce wrong results if high-bits of registers are set
Summary The aarch64 implementations of Cmov and CmovEq seem to assume that the high bits when loading a value of size smaller than a register into a register are zero-extended. However, this is not the case and these bits are unspecified. This can result in a left.cmovz&right, condition not movin...
Cmov/CmovEq on aarch64 can produce wrong results if high-bits of registers are set
Summary The aarch64 implementations of Cmov and CmovEq seem to assume that the high bits when loading a value of size smaller than a register into a register are zero-extended. However, this is not the case and these bits are unspecified. This can result in a left.cmovz&right, condition not movin...