WhatWeb Scanner 0.6.4

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems CMS, blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different...

PT-2026-29935

Fleet: Password reset tokens remain valid after password change for 24 hours in github.com/fleetdm/fleet. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

CVE-2026-34750

Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/storage-azure, @payloadcms/storage-gcs, @payloadcms/storage-r2, and @payloadcms/storage-s3, the client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize...

CVE-2026-5271 Possible to hijack modules in current working directory

pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory. As a result, if a user executes a pymanager-generated command e.g., pip, pytest from an attacker-controlled directory, a malicious module in that directory c...

PT-2026-29526

Name of the Vulnerable Software and Affected Versions pymanager affected versions not specified Description pymanager included the current working directory in its sys.path, allowing modules in the current working directory to shadow intended packages. If a user runs a pymanager-generated command...

K000160554: OpenSSL vulnerability CVE-2025-69421

Security Advisory Description Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files...

Exploit for CVE-2014-8361

Vuln Scanner - Advanced Network Security Scanner !Licenseht...

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: perl: perl-5.42.2-524.hum1 aarch64, x8664 perl-Attribute-Handlers-1.03-524.hum1 noarch perl-AutoLoader-5.74-524.hum1 noarch perl-AutoSplit-5.74-524.hum1 noarch perl-B-1.89-524.hum1 aarch64, x8664...

CVE-2025-15445 Restaurant Cafeteria <= 0.4.6 - Subscriber+ Arbitrary Plugin Installation/Activation

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP...

CVE-2026-33943

A flaw was found in Happy DOM, a JavaScript implementation of a web browser. This vulnerability allows a remote attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions. The ECMAScriptModuleCompiler component fails to properly sanitize content within export...

CVE-2026-33943 Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions insi...

CVE-2026-33943 Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions insi...

CVE-2026-33943

Happy DOM CVE-2026-33943 involves a code-injection vulnerability in the ECMAScriptModuleCompiler: in versions 15.10.0 through 20.8.7, unsanitized content within export { ... } in ES modules is interpolated into generated code as an executable expression, with backticks not removed, enabling templ...

CVE-2026-33943

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions insi...

CVE-2026-33943 Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions insi...

CVE-2021-27186

Fluent Bit 1.6.10 has a NULL pointer dereference when an flbmalloc return value is not validated by flbavro.c or httpserver/api/v1/metrics.c...

OESA-2026-1752 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +1721 more potentially affected by CVE-2026-33871 via io.netty:netty-codec-http2 (>=4.2.0.Alpha1 <=4.2.10.Final)

io.netty:netty-codec-http2 MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =0.3.0 - ai.tock:bot-test =26.3.0 - ai.tock:bot-test-base =26.3.0 - ai.tock:bot-toolkit =26.3.0 - ai.tock:bot-toolkit-base =26.3.0 - ai.tock:tock-analytics-chatbase =26.3.0 - ai.tock:tock-aws-tools =26.3.0 -...

CVE-2025-14716

Improper Authentication vulnerability in Secomea GateManager webserver modules allows Authentication Bypass.This issue affects GateManager: 11.4;0...

CVE-2025-10461

Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker filesystem modules allows file access. This issue affects smartLink SW-HT: through 1.42 smartLink SW-PN: through 1.03...