101 matches found
PT-2026-48467
Name of the Vulnerable Software and Affected Versions Erlang/OTP versions 26.0 through 29.0.1 Erlang/OTP version 28.5.0.1 and earlier Erlang/OTP version 27.3.4.12 and earlier ssl versions 11.0 through 11.7.1 ssl version 11.6.0.1 and earlier ssl version 11.2.12.8 and earlier Description An issue i...
CVE-2026-42012
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier URI or Service SRV Subject Alternative Names SANs. This could cause the certificate validation process to incorrectly fall back to...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: virtiofs: added a check for the filesystem context source name In certain scenarios, for example during fuzz testing, the source name may be NULL, which could lead to a kernel panic. Therefore, an additional check for the source...
Astra Linux – Vulnerability in Ansible
A flaw was discovered in the solariszone module from the Ansible Community modules. When setting the name of the zone on the Solaris host, the zone name is checked by listing the process with the ‘ps’ command on the remote machine. An attacker could exploit this flaw by creating a malicious zone...
Apache MINA 代码问题漏洞
Apache MINA is a web application framework developed by the Apache Foundation in the United States. This product is primarily used for developing high-performance and highly scalable web applications. There were code vulnerabilities in versions of Apache MINA from 2.1.0 to 2.1.11, as well as in...
PT-2026-33466
Name of the Vulnerable Software and Affected Versions ByteDance DeerFlow versions prior to commit 2176b2b Description An issue exists in bootstrap-mode custom-agent creation where the validation of the agent name is bypassed. This allows attackers to use absolute paths or traversal-style values a...
CVE-2026-33644 Lychee has SSRF bypass via DNS rebinding — PhotoUrlRule only validates IP addresses, not hostnames resolving to internal IPs
Lychee is a free, open-source photo-management tool. Prior to version 7.5.2, the SSRF protection in PhotoUrlRule.php can be bypassed using DNS rebinding. The IP validation check line 86-89 only activates when the hostname is an IP address. When a domain name is used, filtervar$host,...
CVE-2026-32627
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and setfollowlocationtrue, any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new...
SIP Service Providers – Possible Impersonation of Poly Voice Device
An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate. Service...
Azure Linux 3.0 Security Update: kernel (CVE-2025-37773)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37773 advisory. - In the Linux kernel, the following vulnerability has been resolved: virtiofs: add filesystem context source...
GHSA-FQCV-8859-86X2 CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier
SQL Injection in CustomerTransformerController Summary An error-based SQL Injection vulnerability was identified in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading to database error...
CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier
SQL Injection in CustomerTransformerController Summary An error-based SQL Injection vulnerability was identified in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading to database error...
PT-2026-3891
Name of the Vulnerable Software and Affected Versions CoreShop versions prior to 4.1.9 Description An error-based SQL Injection issue exists in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly incorporates user-supplied input into a SQL query,...
CLSA-2025-1765478108 Fix CVE(s): CVE-2025-11839, CVE-2025-11840
SECURITY UPDATE: remove abort call in debug format printing code - debian/patches/CVE-2025-11839.patch: remove call to abort in the debug format printing code, allowing display of fuzzed input files to complete without triggering an abort - CVE-2025-11839 SECURITY UPDATE: fix SEGV in vfinfo -...
CLSA-2025-1765289777 Fix CVE(s): CVE-2025-11839, CVE-2025-11840
SECURITY UPDATE: remove abort call in debug format printing code - debian/patches/CVE-2025-11839.patch: remove call to abort in the debug format printing code, allowing display of fuzzed input files to complete without triggering an abort - CVE-2025-11839 SECURITY UPDATE: fix SEGV in vfinfo -...
PT-2025-48316
Name of the Vulnerable Software and Affected Versions MISP versions prior to 2.5.24 Description The software contains flawed logic when validating uploaded files, specifically concerning the tmp name parameter. This issue resides in the app/Controller/EventsController.php file. Recommendations...
CVE-2025-66384
CVE-2025-66384 affects MISP before v2.5.24. The vulnerability is due to flawed logic in app/Controller/EventsController.php when validating uploaded files, related to tmp_name. Impact is partial and includes high integrity impact per the CVSS data; exploitation details are not provided in the con...
SUSE-SU-2025:4264-1 Security update for ruby2.5
This update for ruby2.5 fixes the following issues: - CVE-2024-35221: Fixed remote DoS via YAML manifest bsc1225905 - CVE-2024-47220: Fixed HTTP request smuggling in WEBrick bsc1230930 - CVE-2024-49761: Fixed ReDOS vulnerability by updating REXML to 3.3.9 bsc1232440 - CVE-2025-24294: Fixed denial...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Check governor before using governor-name The commit 96ffcdf239de “PM / devfreq: Remove redundant governorname from struct devfreq” removes governorname and uses governor-name to replace it. However, devfreq-governo...
EUVD-2016-1429
Malware in sbrugna...