54729 matches found

RedHat Linux
added 2026/02/05 3:48 p.m. | 6 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

CVSS 6 | AI score 7.3 | EPSS 0.0056
Exploits 0 | References 9

Veracode
added 2026/02/05 4:59 a.m. | 7 views

OS Command Injection

Apache HTTP Server is vulnerable to OS Command Injection. The vulnerability is due to improper handling of shell-escaped query strings when Server Side Includes (SSI) with exec cmd="..." are used alongside mod_cgid, which allows an attacker to inject and execute arbitrary system commands by crafting...

CVSS 8.3 | AI score 5.9 | EPSS 0.015
Exploits 0 | References 4 | Affected Software 2

OSV
added 2026/02/05 3:20 a.m. | 5 views

GO-2026-4398 WireGuard Portal v2 has Open Redirect Vulnerability in OAuth Authentication Flow in github.com/h44z/wg-portal

WireGuard Portal v2 has Open Redirect Vulnerability in OAuth Authentication Flow in github.com/h44z/wg-portal. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fr...

AI score 5.4
Exploits 0 | References 3

EUVD
added 2026/02/05 12:31 a.m. | 4 views

EUVD-2026-5333

A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made...

CVSS 5.8 | AI score 5.1 | EPSS 0.00381
Exploits 1 | References 6

CNNVD
added 2026/02/05 12:0 a.m. | 6 views

Tanium Deploy security vulnerability

Tanium Deploy is a software management module developed by the American company Tanium. Tanium Deploy has a security vulnerability, which stems from improper input validation...

CVSS 8.8 | AI score 5.8 | EPSS 0.00339
Exploits 0 | References 1

CNNVD
added 2026/02/05 12:0 a.m. | 10 views

Tanium Comply security vulnerability

Tanium Comply is a risk assessment and compliance checking module developed by the American company Tanium. Tanium Comply has security vulnerabilities, which stem from improper default permission settings...

CVSS 6.5 | AI score 5.8 | EPSS 0.00312
Exploits 0 | References 1

Positive Technologies
added 2026/02/05 12:0 a.m. | 5 views

PT-2026-6649

Name of the Vulnerable Software and Affected Versions: enclave-vm versions prior to 2.10.1; @enclave-vm/core versions prior to 2.10.1. Description: The security measures within enclave-vm are inadequate. The Abstract Syntax Tree (AST) sanitization can be circumvented using dynamic property accesses. Th...

CVSS 6.4 | AI score 6 | EPSS 0.0023
Exploits 1 | References 10

CNNVD
added 2026/02/05 12:0 a.m. | 5 views

Tanium Threat Response security vulnerability

Tanium Threat Response is a core security module for endpoint detection and response developed by the American company Tanium. Tanium Threat Response has a security vulnerability, which stems from information leakage...

CVSS 4.3 | AI score 5.8 | EPSS 0.00234
Exploits 0 | References 1

CNNVD
added 2026/02/05 12:0 a.m. | 6 views

Tanium Threat Response security vulnerability

Tanium Threat Response is a core security module for endpoint detection and response developed by the American company Tanium. Tanium Threat Response has a security vulnerability, which stems from information leakage...

CVSS 4.3 | AI score 5.8 | EPSS 0.00221
Exploits 0 | References 1

CNNVD
added 2026/02/05 12:0 a.m. | 6 views

Tanium Deploy security vulnerability

Tanium Deploy is a software management module developed by the American company Tanium. Tanium Deploy has a security vulnerability, which stems from improper access control...

CVSS 4.3 | AI score 5.8 | EPSS 0.00238
Exploits 0 | References 1

CNNVD
added 2026/02/05 12:0 a.m. | 6 views

Tanium Performance security vulnerability

Tanium Performance is a terminal performance monitoring and troubleshooting module provided by the American company Tanium. Tanium Performance has a security vulnerability, which stems from improper default permission settings...

CVSS 6.5 | AI score 5.8 | EPSS 0.00318
Exploits 0 | References 1

CNNVD
added 2026/02/05 12:0 a.m. | 6 views

Tanium Discover security vulnerability

Tanium Discover is an asset scanning module developed by the American company Tanium. Tanium Discover has a security vulnerability, which stems from improper input validation...

CVSS 6.3 | AI score 5.8 | EPSS 0.00249
Exploits 0 | References 1

CNNVD
added 2026/02/05 12:0 a.m. | 8 views

Moxa Industrial Linux security vulnerability

Moxa Industrial Linux is an industrial-grade Linux system developed by Moxa Corporation in Taiwan, China. Moxa Industrial Linux has a security vulnerability, which stems from the physical attack vulnerability present in LUKS full-disk encryption supported by TPM. This vulnerability could lead to...

CVSS 7 | AI score 5.8 | EPSS 0.00222
Exploits 0 | References 1

Redos
added 2026/02/05 12:0 a.m. | 4 views

ROS-20260205-73-0011

A vulnerability in the btrfsprelimref function of the include/trace/events/btrfs.h module of the Linux kernel is related to pointer dereferencing resulting from calls to old and new variables in the wrong order. Exploitation of the vulnerability could allow an attacker to cause a denial of servic...

CVSS 5.5 | AI score 7.1 | EPSS 0.0017
Exploits 0

Redos
added 2026/02/05 12:0 a.m. | 6 views

ROS-20260205-73-0028

A vulnerability in the crypto, lzo modules of the Linux kernel is related to buffer copying without input data validation. Exploitation of the vulnerability may allow an attacker to violate data integrity and also cause a denial of service...

CVSS 7.8 | AI score 7.4 | EPSS 0.00154
Exploits 0

Tenable Nessus
added 2026/02/05 12:0 a.m. | 7 views

Amazon Linux 2 : rsync, --advisory ALAS2-2026-3157 (ALAS-2026-3157)

The version of rsync installed on the remote host is prior to 3.1.2-11. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3157 advisory. A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a...

CVSS 4.3 | AI score 5.5 | EPSS 0.00283
Exploits 0 | References 4

Tenable Nessus
added 2026/02/05 12:0 a.m. | 7 views

FreePBX 17.0.2.36 < 17.0.3 Command Injection (GHSA-vm9p-46mv-5xvw)

The version of FreePBX installed on the remote host is 17.0.2.36 or later but prior to 17.0.3. It is, therefore, affected by a command injection vulnerability: - The filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated...

CVSS 8.6 | AI score 5.9 | EPSS 0.84417
Exploits 4 | References 2

RedhatCVE
added 2026/02/04 11:41 p.m. | 7 views

CVE-2026-23086

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: cap TX credit to local buffer size The virtio transports derives its TX credit directly from peer_buf_alloc, which is set from the remote endpoint's SO_VM_SOCKETS_BUFFER_SIZE value. On the host side this means that the...

CVSS 6.2 | AI score 5.5 | EPSS 0.00142
Exploits 0 | References 4

NVD
added 2026/02/04 10:15 p.m. | 6 views

CVE-2026-1884

A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made...

CVSS 5.8 | EPSS 0.00381
Exploits 1 | References 5

OSV
added 2026/02/04 10:15 p.m. | 3 views

CVE-2026-1884

A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made...

CVSS 4.9 | AI score 5.4 | EPSS 0.00381
Exploits 1 | References 5