CVE-2026-8276

A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysqlserver/mysqlserver.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires...

CVE-2026-8276 bettercap MySQL Server mysql_server.go integer coercion

A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysqlserver/mysqlserver.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires...

CVE-2026-8269

A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function smfnsmfhandlecreatesmcontext of the component SMF. Performing a manipulation results in denial of service. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The project was...

CVE-2026-8263

The CVE affects Tenda AC6 (firmware 15.03.06.49_multi_TDE01) where the fromSetWirelessRepeat function in /goform/WifiExtraSet within the httpd component is vulnerable. Manipulating the mac/ssid arguments enables an OS command injection, allowing remote exploitation. Public exploits have been rele...

PT-2026-39577

Name of the Vulnerable Software and Affected Versions WebDyne::Session versions prior to 2.076 Description The session handler generates session identifiers insecurely using an MD5 hash seeded with the built-in rand function. The rand function is seeded by 32-bits, making it predictable and...

CVE-2026-31252

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its model loading component. The framework uses torch.load to load model weight files e.g., llm.pt, flow.pt, hift.pt without enabling the security-restrictive...

CVE-2026-31250

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its averagemodel.py model averaging tool. The script loads PyTorch checkpoint files epoch.pt for model averaging using torch.load without enabling the...

PT-2026-39638

The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains an insecure deserialization vulnerability CWE-502 in its checkpoint loading mechanism. The load checkpoint function in checkpoint.py and the checkpoint loading code in eval.py use...

PT-2026-39721

Name of the Vulnerable Software and Affected Versions jq versions prior to 1.8.2rc2 Description The ordinary module loader in this command-line JSON processor recurses without cycle detection when two valid modules include each other. Recommendations Update to a version later than 1.8.2rc1...

jq 输入验证错误漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.1 and earlier have a vulnerability related to input validation errors. This vulnerability arises because jq accepts embedded NUL bytes at the jq language level during import paths. However, during...

jq 安全漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.2rc1 and earlier have security vulnerabilities. These vulnerabilities stem from the fact that the standard module loader does not perform cyclic checks when modules are included within each other,...

PT-2026-39741

A weakness has been identified in aiwaves-cn agents up to e8c4e3c2d19739d3dff59e577d1c97090cc15f59. Affected by this issue is the function recall relevant memories to working memory of the file core/cat/looking glass/stray cat.py of the component cheshire cat core. This manipulation causes resour...

Linux Distros Unpatched Vulnerability : CVE-2026-8276

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysqlserver/mysqlserver.go of the...

Debian dla-4577 : p7zip-rar - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4577 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4577-1 [email protected] https://www.debian.org/lts/security/...

RHEL 9 : nginx:1.26 (RHSA-2026:15966)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:15966 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage...

RHEL 9 : nginx:1.24 (RHSA-2026:15943)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:15943 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage...

RHEL 9 : nginx (RHSA-2026:15942)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:15942 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage...

RHEL 9 : nginx:1.24 (RHSA-2026:15945)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:15945 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage...

CVE-2026-8253

Devs Palace ERP Online (up to v4.0.0) contains an XSS vulnerability in the /inventory/purchase_save functionality. The issue arises from manipulation of an unknown component, allowing remote initiation of an attack. Exploit appears to be public. Vendor has not responded to disclosures. No remedia...

EUVD-2026-28999

Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. Mask forms like "/00" and "/01" pass validation and parse to the same prefix as their unpadded value. See also CVE-2026-45190...