
6334 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 6 views

Astra Linux – Vulnerability in Apache2

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match, especially when an extremely large input buffer is used. Although no code distributed with the server can be forced to make such a call, third-party modules or Lua scripts that us...

CVSS 9.1, AI score 7, EPSS 0.0569
Exploits: 0, References: 2

GithubExploit
added 2026/05/03 10:44 p.m., 72 views

pentest-automation-framework

pentest-automation-framework Built this to speed up structure...

AI score 5.8
Exploits: 0

GithubExploit
added 2026/05/01 8:12 p.m., 62 views

Xseta-WP-Exploit

Xseta-WP-Exploit Xseta - WordPr...

AI score 5.8
Exploits: 0

The Hacker News
added 2026/05/01 9:43 a.m., 9 views

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence. The activity has been attributed to the GitHub account "BufferZoneCorp," which h...

AI score 5.8
Exploits: 0

ATTACKERKB
added 2026/05/01 12:0 a.m., 1 views

CVE-2026-42484

A heap-based buffer overflow in hextobinary in the PKZIP hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted PKZIP hash file. The issue affects modules 17200, 17210, 17220, 17225, and 17230. When datatypeenum=1,...

AI score 6.4, EPSS 0.00444
Exploits: 1, References: 2

Positive Technologies
added 2026/05/01 12:0 a.m., 2 views

PT-2026-36352

Name of the Vulnerable Software and Affected Versions: hashcat version 7.1.2. Description: A heap-based buffer overflow exists in the Kerberos hash parser. The issue occurs within the module hash decode function across several Kerberos-related modules. It is caused by the account info len variable...

CVSS 9.8, AI score 6.3, EPSS 0.00304
Exploits: 1, References: 8

Positive Technologies
added 2026/05/01 12:0 a.m., 11 views

PT-2026-38389

Name of the Vulnerable Software and Affected Versions: vm2 versions prior to 3.11.0. Description: NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in the host context. This occurs because...

CVSS 8.5, AI score 6.2, EPSS 0.00626
Exploits: 1, References: 8

Cvelist
added 2026/05/01 12:0 a.m., 29 views

CVE-2026-42484

A heap-based buffer overflow in hextobinary in the PKZIP hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted PKZIP hash file. The issue affects modules 17200, 17210, 17220, 17225, and 17230. When datatypeenum=1,...

EPSS 0.00444
Exploits: 1, References: 1

NVD
added 2026/04/30 10:16 a.m., 5 views

CVE-2026-42800

NULL pointer dereference vulnerability in ASR1903 in ASR LapwingLinux on Linux imsclient modules allows Pointer Manipulation. This vulnerability is associated with program files sip/utils/src/sipuri.c...

CVSS 7.4, EPSS 0.00237
Exploits: 0, References: 1

EUVD
added 2026/04/30 8:52 a.m., 4 views

EUVD-2026-26360

NULL pointer dereference vulnerability in ASR1903 in ASR LapwingLinux on Linux imsclient modules allows Pointer Manipulation. This vulnerability is associated with program files sip/utils/src/sipuri.c...

CVSS 7.4, AI score 5.2, EPSS 0.00237
Exploits: 0, References: 1

EUVD
added 2026/04/30 8:36 a.m., 5 views

EUVD-2026-26358

Out-of-bounds read vulnerability in ASR Kestrel nrfw modules allows Overflow Buffers. This vulnerability is associated with program files Code/Nr/nrfw/RA/src/NrPwrCtrl.C. This issue affects Kestrel: before 2026/02/10...

CVSS 7.4, AI score 5.2, EPSS 0.00277
Exploits: 0, References: 1

Positive Technologies
added 2026/04/30 12:0 a.m., 5 views

PT-2026-36083

Name of the Vulnerable Software and Affected Versions: ASR Kestrel versions prior to 2026/02/10. Description: An out-of-bounds read issue in the nr fw modules allows overflow buffers. This flaw is associated with the program file Code/Nr/nr fw/RA/src/NrPwrCtrl.C. Recommendations: Update ASR Kestrel t...

CVSS 9.8, AI score 5.3, EPSS 0.00277
Exploits: 0, References: 6

Tenable Nessus
added 2026/04/30 12:0 a.m., 26 views

Debian dsa-6238 : ata-modules-6.12.74+deb13+1-armmp-di - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6238 advisory. Debian Security Advisory DSA-6238-1 [email protected] https://www.debian.org/securit...

CVSS 9.8, AI score 6.9, EPSS 0.96775
Exploits: 232, References: 794

Packet Storm News
added 2026/04/29 12:0 a.m., 2 views

PrestaShop Version Hunter

psversionhunter.py fingerprints a PrestaShop installation by comparing the versions of its native modules against the module versions bundled with a known PrestaShop release tag. This is useful when a target does not expose the PrestaShop core version directly but still exposes native module...

AI score 5.2
Exploits: 0

OSV
added 2026/04/28 6:0 a.m., 13 views

RLSA-2026:10950 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 8.1, AI score 6.5, EPSS 0.01279
Exploits: 1, References: 12

GithubExploit
added 2026/04/28 4:35 a.m., 104 views

IPDevicePenTest

IPDevicePenTest Automated penetration testing framework for...

AI score 5.6
Exploits: 0

Rockylinux
added 2026/04/28 12:3 a.m., 9 views

python3.11 security update

An update is available for python3.11. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Python is an interpreted, interactive, object-oriented programming languag...

CVSS 9.1, AI score 6.2, EPSS 0.00517
Exploits: 0

Rockylinux
added 2026/04/28 12:3 a.m., 12 views

python3.9 security update

An update is available for python3.9. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Python is an interpreted, interactive, object-oriented programming language...

CVSS 9.1, AI score 6.2, EPSS 0.00517
Exploits: 0

RedHat Linux
added 2026/04/27 9:31 p.m., 5 views

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

CVSS 9.1, AI score 6, EPSS 0.00517
Exploits: 0, References: 10

RedHat Linux
added 2026/04/27 9:31 p.m., 9 views

Important: Red Hat Security Advisory: python3 security update

An update for python3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 9.1, AI score 6, EPSS 0.00517
Exploits: 0, References: 3