CLSA-2026-1779694338 rsync: Fix of CVE-2026-29518

CVE-2026-29518: fix daemon-no-chroot sender TOCTOU symlink race by opening source files via securerelativeopen from module root...

Exploit for CVE-2026-42945

CVE-2026-42945 - ngxhttprewritemodule module. This vulnerab...

Linux Distros Unpatched Vulnerability : CVE-2026-9256

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex patter...

Security update for perl-HTTP-Tiny (moderate)

openSUSE security update: security update for perl-http-tiny ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20792-1 Rating: moderate References: bsc1264992 Cross-References: CVE-2026-7010 Affected Products: openSUSE Leap 16.0...

SourceCodester Student Grades Management System 授权问题漏洞

SourceCodester Student Grades Management System is SourceCodester open source a student grades management system . SourceCodester Student Grades Management System 1.0 version of the authorization problem vulnerability , the vulnerability stems from the file classroom.php function...

EUVD-2026-31601

action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...

CVE-2026-9367

CVE-2026-9367 affects NousResearch hermes-agent (component: terminal_tool, file: tools/approval.py, function: detect_dangerous_command). The issue enables an OS command injection due to a manipulation in detect_dangerous_command, with a remote attack possible. Public exploit information is report...

Besen BS20 EV Charging Station 安全漏洞

The Besen BS20 EV Charging Station is an AC electric vehicle wall-mounted charging station developed by the Chinese company Besen. The Besen BS20 EV Charging Station, including versions dated before April 2026, has a security vulnerability. This vulnerability stems from improper operation of...

programming-for-penetration-testing-buffer-overflow-exploit

Buffer Overflow Exploit in Ruby Overview This project was...

Exploit for CVE-2026-42945

CVE-2026-42945 - Critical NGINX RCE CVSS 9.2 Classifi...

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the NGSetupRequest process. An attacker can cause memory corruption and potentially compromise confidentiality, integrity, and availability by sending specially crafted requests remotely. Remediation Upgrade...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nginx: nginx-1.30.2-1.hum1 aarch64, x8664 nginx-all-modules-1.30.2-1.hum1 noarch nginx-core-1.30.2-1.hum1 aarch64, x8664 nginx-filesystem-1.30.2-1.hum1 noarch nginx-mod-devel-1.30.2-1.hum1 aarch6...

SUSE CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 / Copy Fail Checker 🔒 Linux kernel vulnerabili...

CVE-2026-41147

NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting XSS vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primarily on client-side filtering to sanitize HTML tags and...

CVE-2026-41147 NukeViet CMS: Stored Cross-Site Scripting (XSS) via insufficient server-side input sanitization in Request class

NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting XSS vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primarily on client-side filtering to sanitize HTML tags and...

CVE-2026-41147

CVE-2026-41147 (NukeViet CMS) is a stored XSS issue affecting NukeViet CMS versions up to 4.5.08, caused by insufficient server-side input sanitization in the Request class. The app relies on client-side filtering for user-submitted HTML, which can be bypassed by altering HTTP requests. Attackers...

CVE-2026-41147

NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting XSS vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primarily on client-side filtering to sanitize HTML tags and...

CVE-2026-40295

CVE-2026-40295 affects Devise (Rails/Warden) where FailureApp#redirect_url returns request.referrer for non-GET timeouts, enabling open redirects to attacker-controlled URLs. This occurs in Devise 5.0.3 and earlier and can cause phishing or malware delivery by redirecting expired-session users to...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the NewNTUnicodeString function. An attacker can cause a truncated string rather than an error to be returned by convincing a user to access a filename of excessive length. Remediation Upgrade...