WebVuln-Chain-Framework

WebVuln Chain Framework Modular web vulnerability scanner w...

MiracleLinux 9 : nginx:1.26 (AXSA:2026-457:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-457:01 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file modification...

Oracle Linux 8 : perl:5.32 (ELSA-2026-8096)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-8096 advisory. - Fix CVE-2025-40909 - Clone dirhandles without fchdir - Fix CVE-2023-47038 - Fix CVE-2021-36770 - mitigate @INC pollution when loading ConfigLocal Tenable has...

MINI-VCC5-5PHH-FR73

Bulletin has no description...

MINI-MQ6M-FFG7-G925

Bulletin has no description...

YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave()

Vulnerability Details YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data'idfiche' value sourced from $POST'idfiche' is concatenated directly into a raw SQL query without any sanitization or parameterization. Vulnerable Code...

Enclawed: A Configurable, Sector-Neutral Hardening Framework for Single-User AI Assistant Gateways

We present enclawed, a hard-fork hardening framework built on top of the OpenClaw single-user personal artificial intelligence AI assistant gateway. enclawed targets deployments that need attestable peer trust, deny-by-default external connectivity, signed-module loading, and a tamper-evident aud...

PT-2026-37109

Name of the Vulnerable Software and Affected Versions YesWiki versions prior to 4.6.1 Description The bazar module contains a SQL injection flaw in the tools/bazar/services/EntryManager.php file. The issue occurs because the id fiche value, sourced from the $ POST'id fiche' variable, is...

EUVD-2026-23607

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c line 842. The function reads the FormFlag byte via dtoh8odata, poffset without a prior bounds check. The standard ptpunpackDPD at lines...

CVE-2026-32623

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against it...

CVE-2026-32623 xrdp: Heap buffer overflow in NeutrinoRDP channel reassembly

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against it...

CVE-2026-32623 xrdp: Heap buffer overflow in NeutrinoRDP channel reassembly

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against it...

EUVD-2026-23504

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against it...

CVE-2026-32623

xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual channel data against it...

CLSA-2026-1776446328 nginx: Fix of 3 CVEs

CVE-2026-27651: fix null pointer dereference in ngxmailauthhttpmodule when clearing password in auth http requests with CRAM-MD5/APOP - CVE-2026-27654: fix heap buffer overflow in DAV module when COPY/MOVE destination URI is shorter than alias - CVE-2026-32647: fix buffer over-read/over-write in...

CVE-2026-6487 Qihui jtbc5 CMS Code Endpoint manage.php path traversal

A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument path causes path traversal. The attack is possible to be carried out remotely. The exploit has been...

Security update for python-CairoSVG

This update for python-CairoSVG fixes the following issue: CVE-2026-31899: denial of service via recursive element amplification bsc1259690. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you ca...

PT-2026-33498

Name of the Vulnerable Software and Affected Versions xrdp versions prior to 0.10.6 Description A heap-based buffer overflow exists in the NeutrinoRDP module. When proxying RDP sessions to another server, the module does not properly validate the size of reassembled fragmented virtual channel dat...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007314)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007314 advisory. In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module The module exit path has race between deleting...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007572)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007572 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: Add cancelworksync before module remove If we remove the module which will call...