14 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-31611
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: require 3 sub-authorities before reading sub_auth[2]. parse_dacl() compares each ACE SID against sid_unix_NFS_mode and on match reads sid.sub_auth[2] as the file mode...
Apache ActiveMQ series improper validation of MQTT packets [AMQ-9810]
Overview: Apache ActiveMQ series provided by The Apache Software Foundation does not properly validate the remaining length field of MQTT packets, which may lead to integer overflow and misinterpretation of MQTT packets. Integer overflow or wraparound (CWE-190) - CVE-2025-66168, CVE-2026-40046 Gai...
CVE-2026-22747
Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user...
PT-2025-53059
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contained an incorrect exception table annotation within the clear_user_rep_good function. This issue stemmed from the annotation pointing to a register move instead of...
Linux Distros Unpatched Vulnerability : CVE-2018-11225
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The dcputs function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows...
Linux Distros Unpatched Vulnerability : CVE-2022-50096
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: x86/kprobes: Update kcb status flag after singlestepping. Fix kprobes to update kcb kprobes...
keycloak-saml-core: Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak
A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Referen...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox has a security vulnerability: when called, JS::CheckRegExpSyntax may set a syntax error, which will result in a call to convertToRuntimeErrorAndClear...
GHSA-JF9V-FXFQ-WM76 Lift Sensitive Information Disclosure
The JsonParser class in json/JsonParser.scala in Lift before 2.5 interprets a certain end-index value as a length value, which allows remote authenticated users to obtain sensitive information from other users' sessions via invalid input data containing a less than character...
AZL-8513 CVE-2022-23773 affecting package golang for versions less than 1.17.8-1
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags...
FreeBSD Injection Vulnerability
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. FreeBSD suffers from an injection vulnerability that can be exploited by an attacker to cause the driver to misinterpret portions of the payload of a large package as separate packages...
netty: HTTP request smuggling
An HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF (carriage return, line feed) without being followed by SP (space) or HTAB (horizontal tab), result in situations where headers can be misread. Dat...
netty: HTTP request smuggling
An HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF (carriage return, line feed) without being followed by SP (space) or HTAB (horizontal tab), result in situations where headers can be misread. Dat...
UBUNTU-CVE-2013-2031
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in an SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox...