PT-2026-27436

Name of the Vulnerable Software and Affected Versions NGINX Open Source and NGINX Plus versions affected versions not specified Description NGINX Open Source and NGINX Plus, when built with the ngx http mp4 module module and configured with the mp4 directive, are susceptible to a buffer over-read...

PT-2026-27432

Name of the Vulnerable Software and Affected Versions NGINX Plus and NGINX Open Source affected versions not specified Description The software contains a flaw in the ngx mail smtp module module related to how it processes Carriage Return Line Feed CRLF sequences within DNS responses. An attacker...

F5 NGINX Plus和F5 NGINX Open Source 缓冲区错误漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both NGINX Open Source and NGINX Plus...

F5 NGINX Open Source 输入验证错误漏洞

F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway provided by the F5 company. The 32-bit version of F5 NGINX Open Source has a vulnerability related to input validation errors. This vulnerability stems from issues with out-of-bound reading...

Linux Distros Unpatched Vulnerability : CVE-2026-27651

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue ma...

F5 NGINX Plus和F5 NGINX Open Source 注入漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...

PT-2026-27431

Name of the Vulnerable Software and Affected Versions NGINX Open Source affected versions not specified Description The 32-bit implementation of NGINX Open Source contains an issue within the ngx http mp4 module module. This can allow an attacker to read from or write to NGINX worker memory,...

PT-2026-27284

Name of the Vulnerable Software and Affected Versions SourceCodester Patients Waiting Area Queue Management System version 1.0 Description A flaw exists in the Patient Check-In Module of the software, specifically within the ValidateToken function located in the /php/api patient checkin.php file...

mod_gnutls 信任管理问题漏洞

modgnutls is a GnuTLS-based TLS module for Apache HTTPD developed by Airtower developers. Versions of modgnutls prior to 0.13.0 had a trust management vulnerability. This vulnerability stemmed from the lack of checking extended key usages during client certificate verification, which could lead t...

F5 NGINX Plus和F5 NGINX Open Source 安全漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...

Alibaba Cloud Linux 3 : 0056: grub2 (ALINUX3-SA-2026:0056)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0056 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-61662: A Use-After-Free vulnerability has...

ROS-20260324-73-0036

A vulnerability in the net/mac80211/tdls.c component of the Linux operating system kernel is related to simultaneous execution using a shared resource with improper synchronization. Exploitation of the vulnerability allows an attacker to gain access to confidential data, compromise its integrity,...

PT-2026-27317

Name of the Vulnerable Software and Affected Versions InsightSoftwareConsortium ITK versions prior to 2.7.1 Description An integer overflow or wraparound condition exists in the Expat parser within the ITK software. This issue is network-reachable and allows for automatable exploitation. The...

GO-2026-4769 Juju affected by timing ownership claim attack on new external back-end secrets in github.com/juju/juju

Juju affected by timing ownership claim attack on new external back-end secrets in github.com/juju/juju. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

GO-2026-4744 Mattermost fails to use consistent error responses when handling the /mute command in github.com/mattermost/mattermost-server

Mattermost fails to use consistent error responses when handling the /mute command in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

SUSE-SU-2026:0982-1 Security update for util-linux

This update for util-linux fixes the following issues: - CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' bsc1258859...

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

cpython: IMAP command injection in user-controlled commands

A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...

USN-8095-4: Linux kernel (AWS) vulnerabilities

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information kernel memory, local...

CVE-2026-32968

Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the commb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383...