Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities

Upstream kernel version 6.6.137 fixes bugs and vulnerabilities. The kmod-virtualbox & kmod-xtables-addons packages have been updated to work with this new kernel...

MGASA-2026-0108 Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities

Upstream kernel version 6.6.137 fixes bugs and vulnerabilities. The kmod-virtualbox & kmod-xtables-addons packages have been updated to work with this new kernel...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 — Análisis Técnico Completo Clasificación:...

CVE

CVE-PENDING: Bdtask Multi-Store Inventory Management System 1...

EUVD-2026-26963

A NULL pointer dereference in the modauthnsocache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

EUVD-2026-26951

Out-of-bounds Read vulnerability in modproxyajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVE-2026-33857 Apache HTTP Server: Off-by-one OOB reads in AJP getter functions

Out-of-bounds Read vulnerability in modproxyajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CLSA-2026-1777883671 nginx: Fix of 2 CVEs

CVE-2026-27651: fix null pointer dereference in ngxmailauthhttpmodule when authentication retry is enabled with CRAM-MD5 or APOP - CVE-2026-32647: fix buffer over-read/write in ngxhttpmp4module when processing crafted mp4 files with empty stco/co64 atoms...

CVE-2026-7717

A vulnerability was determined in Totolink WA300 5.2cu.7112B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow. The attack can be launched...

CVE-2026-7717

Totolink WA300 5.2cu.7112_B20190227 is affected by CVE-2026-7717. The vulnerability is in the POST Request Handler’s UploadCustomModule function (file path: /cgi-bin/cstecgi.cgi). Manipulating the File argument can trigger a buffer overflow, and the issue can be exploited remotely. Exploitation i...

CVE-2026-7717 Totolink WA300 POST Request cstecgi.cgi UploadCustomModule buffer overflow

A vulnerability was determined in Totolink WA300 5.2cu.7112B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow. The attack can be launched...

Apache HTTP Server 安全漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Apache HTTP Server versions 2.4.66 and earlier contain security vulnerabilities, which stem fro...

OpenSTAManager 代码问题漏洞

OpenSTAManager is an open-source management software for technical assistance and billing developed by Devcode. Versions of OpenSTAManager 2.10 and earlier had code-related vulnerabilities, which stemmed from arbitrary file upload vulnerabilities in the module update function...

CVE-2026-38751

OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality modules/aggiornamenti/uploadmodules.php...

CVE-2026-38751

OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality modules/aggiornamenti/uploadmodules.php...

CVE-2026-38751

OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality modules/aggiornamenti/uploadmodules.php...

PT-2026-37100

Name of the Vulnerable Software and Affected Versions OpenMRS Core versions prior to 2.7.9 OpenMRS Core versions 2.8.0 through 2.8.5 Description The '/openmrs/moduleResources/moduleid' endpoint is susceptible to a path traversal attack. This occurs because the ModuleResourcesServlet uses the...

EUVD-2026-27086

OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality modules/aggiornamenti/uploadmodules.php...

CVE-2026-38751

CVE-2026-38751 affects OpenSTAManager versions prior to 2.11 (2.10 and earlier) and is an arbitrary file upload vulnerability in the module update endpoint (modules/aggiornamenti/upload_modules.php). The Red Hat/NVD/CVE records, along with PT-Security and CVE enrichment sources, confirm a vulnera...

Quasar Linux (QLNX) – A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit, PAM Backdoor, Credential Harvesting Capabilities

TrendAI™ Research breaks down Quasar Linux QLNX, a previously undocumented sophisticated Linux RAT with low detection rates. In this blog, we examine a full-featured Linux threat incorporating a rootkit, a PAM backdoor, credential harvesting, and more, revealing how this malware enables stealthy...