CVE-2026-30462

A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal...

Important: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

PT-2026-35528

Name of the Vulnerable Software and Affected Versions CPython affected versions not specified Description On Windows, the shutil.unpack archive function fails to properly check for absolute paths within ZIP archives. If an archive contains a path with a drive letter e.g., C:, files may be extract...

📄 Windows Cloud Files Tiering Engine Local Privilege Escalation

his Metasploit local exploit module models a Windows privilege escalation scenario involving Cloud Files, NTFS reparse points, named pipes, and service interaction. The workflow simulates abusing file system operations and cloud sync mechanisms by creating controlled directories, placeholder file...

CVE-2026-30462

This CVE covers a path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 . Connected sources consistently identify the issue as a directory traversal risk within the Blocks component, affecting FuelCMS’s Blocks controller (e.g., Blocks.php). No concrete exploitation d...

CVE-2026-7062

A security vulnerability has been detected in Intina47 context-sync up to 2.0.0. This affects an unknown part of the file src/git-integration.ts of the component Git Integration. Such manipulation leads to os command injection. The attack can be executed remotely. The exploit has been disclosed...

xfrm: clear trailing padding in build_polexpire()

...

Tenda F456 缓冲区错误漏洞

The Tenda F456 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.5 of the Tenda F456 contains a buffer overflow vulnerability. This vulnerability stems from the improper handling of the page parameter in the frmL7ProtForm function of the goform/L7Prot component in the http...

CVE-2026-6019

A flaw was found in Python's http.cookies module. The Morsel.jsoutput function, responsible for generating JavaScript output for cookies, does not properly neutralize the Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Produc...

EUVD-2026-25644

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - limit RX SG extraction by receive buffer budget Make afalggetrsgl limit each RX scatterlist extraction to the remaining receive buffer budget. afalggetrsgl currently uses afalgreadable only as a gate before...

[SECURITY] Fedora 44 Update: xdg-dbus-proxy-0.1.7-1.fc44

xdg-dbus-proxy is a filtering proxy for D-Bus connections. It was originally part of the flatpak project, but it has been broken out as a standalone module to facilitate using it in other contexts...

[SECURITY] Fedora 44 Update: qt6-qtwayland-6.10.3-1.fc44

Qt6 - Wayland platform support and QtCompositor module...

[SECURITY] Fedora 44 Update: qt6-qttranslations-6.10.3-1.fc44

Qt6 - QtTranslations module...

[SECURITY] Fedora 44 Update: qt6-qtscxml-6.10.3-1.fc44

The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...

[SECURITY] Fedora 44 Update: qt6-qtmqtt-6.10.3-1.fc44

MQTT is a machine-to-machine M2M protocol utilizing the publish-and-subscri be paradigm, and provides a channel with minimal communication overhead. The Qt MQTT module provides a standard compliant implementation of the MQTT protocol specification. It enables applications to act as telemetry...

[SECURITY] Fedora 44 Update: python-pyside6-6.10.3-1.fc44

PySide6 is the official Python module from the Qt for Python project, which provides access to the complete Qt 6+ framework...

[SECURITY] Fedora 44 Update: nginx-mod-naxsi-1.6-15.fc44

naxsi is an nginx module that provides score based Web Application Firewall WAF abilities in a highly granular fashion...

[SECURITY] Fedora 44 Update: nginx-mod-brotli-1.0.0~rc-7.fc44

NGINX module for Brotli compression...

[SECURITY] Fedora 44 Update: nginx-mod-vts-0.2.4-7.fc44

Nginx virtual host traffic status module...

[SECURITY] Fedora 44 Update: nginx-mod-modsecurity-1.0.4-8.fc44

The ModSecurity-nginx connector is the connection point between nginx and libmodsecurity ModSecurity v3. Said another way, this project provides a communication channel between nginx and libmodsecurity. This connector is required to use LibModSecurity with nginx. The ModSecurity-nginx connector...