50 matches found
CVE-2026-53436
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains relative path segments ./ or ../, allowing attackers to perform phishing attacks...
Jenkins has a DNS rebinding vulnerability in WebSocket CLI origin validation
Jenkins 2.442 through 2.554 both inclusive, LTS 2.426.3 through LTS 2.541.2 both inclusive performs origin validation of requests made through the CLI WebSocket endpoint by computing the expected origin for comparison using the Host or X-Forwarded-Host HTTP request headers, making it vulnerable t...
CVE-2026-33002
Jenkins 2.442 through 2.554 both inclusive, LTS 2.426.3 through LTS 2.541.2 both inclusive performs origin validation of requests made through the CLI WebSocket endpoint by computing the expected origin for comparison using the Host or X-Forwarded-Host HTTP request headers, making it vulnerable t...
PT-2026-26074
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.442 through 2.554; Jenkins LTS versions 2.426.3 through 2.541.2. Description: The software does not properly validate the origin of requests made through the CLI WebSocket endpoint. It calculates the expected origin using the...
GHSA-429Q-MRC4-38FR Apache Camel Deserializes Untrusted Data in its LevelDB Component
Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...
BIT-JENKINS-2025-67639
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2025-67639
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account...
Security Bulletin: IBM MQ is vulnerable to Slowloris attack which is a type of denial-of-service (DoS) (CVE-2025-36128)
Summary: IBM MQ is vulnerable to Slowloris attack which is a type of denial-of-service (DoS). Vulnerability Details: CVEID: CVE-2025-36128. DESCRIPTION: IBM MQ is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type...
CVE-2025-43907
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain a Path Traversal:...
EUVD-2022-3431
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-46088
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution (RCE). Any user with the Zabbix Admin role is able to run custom shell script on the...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 : fdkaac vulnerabilities (USN-7660-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7660-1 advisory. It was discovered that fdkaac did not correctly handle certain input. If a user or automated syst...
USN-7603-1 composer vulnerabilities
Thomas Chauchefoin discovered that Composer did not correctly handle certain arguments. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2022-24828, CVE-2023-43655 Ed Cradoc...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : Bootstrap vulnerabilities (USN-7556-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7556-1 advisory. It was discovered that Bootstrap did not correctly sanitize certain input in the carousel...
TYPO3 Security Vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 that stems from the file management module allowing the upload of potentially harmful file types. The following versions are affected: versions...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : djoser vulnerability (USN-7354-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by a vulnerability as referenced in the USN-7354-1 advisory. Diego Cebrin discovered that djoser did not properly handle user authentication. An attacker with valid credentials could possibly...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : PlantUML vulnerability (USN-7353-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by a vulnerability as referenced in the USN-7353-1 advisory. Tobias S. Fink discovered that PlantUML was susceptible to cross-site scripting attacks (XSS) in instances...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Netty vulnerabilities (USN-7284-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7284-1 advisory. Jonathan Leitschuh discovered that Netty did not correctly handle file permissions when writing...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : HTMLDOC vulnerabilities (USN-7225-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7225-1 advisory. It was discovered that HTMLDOC incorrectly handled memory in the imagesetmask,...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : rsync regression (USN-7206-2)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7206-2 advisory. USN-7206-1 fixed vulnerabilities in rsync. The update introduced a regression in rsync. This update...