vm2 code injection vulnerability
vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 had a code injection vulnerability; this vulnerability stemmed from the SuppressedError feature, whi...
CVE-2026-38751
CVE-2026-38751 affects OpenSTAManager versions prior to 2.11 (2.10 and earlier) and is an arbitrary file upload vulnerability in the module update endpoint (modules/aggiornamenti/upload_modules.php). The Red Hat/NVD/CVE records, along with PT-Security and CVE enrichment sources, confirm a vulnera...
Astra Linux - vulnerability in linux-5.15, linux, linux-5.10
An integer overflow or wrap-around vulnerability exists in the OpenEuler kernel on Linux file system modules, allowing for forced integer overflow. This issue affects the OpenEuler kernel, starting from version 4.19.90, up to and including version 4.19.90-2401.3, as well as versions 5.10.0-60.18....
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: The registration of struct_ops that uses the module ptr was rejected, and the module btf_id is missing. There is a UAF report in bpf_struct_ops when CONFIG_MODULES=n. Specifically, the issue relates to tcp_congestion_ops, which has...
Astra Linux - vulnerability in linux-astra-modules-5.15, linux-astra-modules-6.1, linux-astra-modules-5.10, linux-astra-modules-5.4, linux-5.10, linux-5.15, linux-6.1, linux
The vulnerability of Linux Astra Modules’ kernel modules is related to insufficient validation of input data. Exploiting this vulnerability allows attackers to access confidential data, compromise its integrity, and cause service failures...
Astra Linux - vulnerability in linux-astra-modules-5.4, linux-astra-modules-5.10
The vulnerability of the parsechooksetxattr function in the Linux kernel-module astra-modules is related to the lack of checking for the returned value. Exploiting this vulnerability allows a perpetrator to cause a service failure...
Astra Linux - vulnerability in linux-6.1, linux, linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: inet: inet_defrag: prevent sk from being released while still in use. The functions ip_local_out and others can pass skb->sk as a function argument. If the skb is a fragment and reassembly occurs before such a function call returns, t...
pentest-automation-framework
pentest-automation-framework Built this to speed up structure...
Xseta-WP-Exploit
Xseta-WP-Exploit Xseta - WordPr...
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence. The activity has been attributed to the GitHub account "BufferZoneCorp," which h...
PT-2026-36352
Name of the Vulnerable Software and Affected Versions hashcat version 7.1.2 Description A heap-based buffer overflow exists in the Kerberos hash parser. The issue occurs within the module hash decode function across several Kerberos-related modules. It is caused by the account info len variable...
CVE-2026-42484
A heap-based buffer overflow in hex_to_binary in the PKZIP hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted PKZIP hash file. The issue affects modules 17200, 17210, 17220, 17225, and 17230. When data_type_enum=1,...
CVE-2026-42800
NULL pointer dereference vulnerability in ASR1903 in ASR LapwingLinux on Linux imsclient modules allows Pointer Manipulation. This vulnerability is associated with program files sip/utils/src/sipuri.c...
EUVD-2026-26360
NULL pointer dereference vulnerability in ASR1903 in ASR LapwingLinux on Linux imsclient modules allows Pointer Manipulation. This vulnerability is associated with program files sip/utils/src/sipuri.c...
EUVD-2026-26358
Out-of-bounds read vulnerability in ASR Kestrel nrfw modules allows Overflow Buffers. This vulnerability is associated with program files Code/Nr/nrfw/RA/src/NrPwrCtrl.C. This issue affects Kestrel: before 2026/02/10...
Debian dsa-6238 : ata-modules-6.12.74+deb13+1-armmp-di - security update
The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6238 advisory. Debian Security Advisory DSA-6238-1 https://www.debian.org/securit...
PT-2026-36083
Name of the Vulnerable Software and Affected Versions ASR Kestrel versions prior to 2026/02/10 Description An out-of-bounds read issue in the nr fw modules allows overflow buffers. This flaw is associated with the program file Code/Nr/nr fw/RA/src/NrPwrCtrl.C. Recommendations Update ASR Kestrel t...
PrestaShop Version Hunter
psversionhunter.py fingerprints a PrestaShop installation by comparing the versions of its native modules against the module versions bundled with a known PrestaShop release tag. This is useful when a target does not expose the PrestaShop core version directly but still exposes native module...
RLSA-2026:10950 Important: python3.12 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...