Exploit for CVE-2026-42945

nginx-rift-scanner Dependency-free Python 3 scanner for CVE...

SUSE CVE-2026-9334

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

SUSE CVE-2026-9516

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decodejson advances the input scalar's string pointer past the mark with SvPVset and restores it only on the normal return...

SUSE CVE-2026-10705

A flaw has been found in dask up to 3.0. Affected by this issue is the function nuniqueapprox of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. A high degree of complexity is...

samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler

Summary The HTTP handler /log in lib/server.js lines 491–515 of browserstack-runner passes unauthenticated user-supplied data to vm.runInNewContext combined with eval, enabling a sandbox escape and arbitrary code execution on the host system. Details When browserstack-runner starts, it creates an...

CVE-2026-43924

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs before storing or issuing redirects. This allows arbitrary external URLs to be configured as redirect...

CVE-2026-43924

Summary: CVE-2026-43924 affects FOSSBilling prior to v0.8.0, where the Redirect module does not validate URL schemes for administrator-configured redirect targets, allowing open redirects. This can cause legitimate user traffic to be redirected to attacker-controlled sites via a 301 response (bro...

EUVD-2026-34176

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs before storing or issuing redirects. This allows arbitrary external URLs to be configured as redirect...

CVE-2026-43924 FOSSBilling has an open redirect via administrator-configured redirect targets

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs before storing or issuing redirects. This allows arbitrary external URLs to be configured as redirect...

CVE-2026-43924

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs before storing or issuing redirects. This allows arbitrary external URLs to be configured as redirect...

CVE-2026-26379

An issue in Koha v.25.11 and before allows a remote attacker to execute arbitrary code via the Z39.50 configuration module...

DRUPAL-CONTRIB-2026-041

The module doesn't sufficiently sanitize customer comments in the order receipt email template; this could be exploited to achieve Cross-site Scripting XSS. This vulnerability is mitigated by the fact that it only affects installations with Checkout commercecheckout enabled, and the "Comments"...

Security update for python-pyOpenSSL

This update for python-pyOpenSSL fixes the following issue Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: openSUSE Leap 15.4 zypper in -t patch...

CVE-2026-42318

GLPI versions affected: 9.5.0 and prior to 10.0.25, and prior to 11.0.7. The issue allows low-privilege users with access to the Planning feature to delete any object in GLPI. The root cause details are not explicitly described beyond exploitation via the Planning endpoint. Impact is the potentia...

CVE-2026-42318 GLPI Vulnerable to Arbitrary Item Deletion via Planning Endpoint

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, low privilege users with access to planning can delete any object in GLPI. Upgrade to 11.0.7 or 10.0.25 to receive a patch. As a workaround, disable delete rights for User'...

CVE-2026-42789

A flaw was found in Erlang OTP's publickey module. This vulnerability CWE-295, related to improper certificate validation, allows a non-Certificate Authority CA certificate to be accepted as an intermediate issuer. A remote attacker, holding an end-entity certificate issued by a trusted CA, can...

CVE-2026-9516

A flaw was found in Cpanel::JSON::XS, a Perl module used for processing JSON data. This vulnerability allows a remote attacker to cause a denial of service DoS by providing specially crafted input that begins with a UTF-8 Byte Order Mark BOM. When a decode filter callback encounters an error with...

USN-8375-1 nginx vulnerabilities

It was discovered that the nginx ngxmailsmtpmodule module incorrectly handled certain memory operations when doing SMTP authentication. This could possibly result in sensitive information being sent to the authentication server. CVE-2025-53859 It was discovered that nginx incorrectly handled...

USN-8375-1: nginx vulnerabilities

It was discovered that the nginx ngxmailsmtpmodule module incorrectly handled certain memory operations when doing SMTP authentication. This could possibly result in sensitive information being sent to the authentication server. CVE-2025-53859 It was discovered that nginx incorrectly handled...