PT-2026-38619

Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit MAX BLOCK SIGOPS, allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block can split the network: Zebra nodes follow the offending chain while...

PT-2026-39298

Name of the Vulnerable Software and Affected Versions Diffusers versions prior to 0.38.0 Description An issue exists in the DiffusionPipeline.from pretrained flow when loading pipelines from Hugging Face Hub repositories. The resolve custom pipeline and cls function in pipeline loading utils.py...

PT-2026-38599

Name of the Vulnerable Software and Affected Versions MAXHUB Pivot client versions prior to 1.36.2 Description An issue in the application allows an attacker to obtain encrypted tenant email addresses and related metadata from any tenant. Because a hardcoded AES key Advanced Encryption Standard, ...

PT-2026-38404

Name of the Vulnerable Software and Affected Versions css parser versions prior to 1.22.0 css parser versions prior to 2.1.0 Description The software fails to validate HTTPS connections when loading stylesheets, which allows a Man-in-the-Middle MITM attacker to inject or modify CSS content. This...

Linux Distros Unpatched Vulnerability : CVE-2026-43247

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: chips-media: wave5: Fix SError of kernel panic when closed SError of kernel panic rarely happened while testing fluster. The root cause was to enter...

Bludit CMS 3.18.4 - RCE

Exploit Title: Bludit CMS 3.18.4 - RCE Date: 2026-03-28 Exploit Author: Yahia Hamza https://yh.do Vendor Homepage: https://www.bludit.com/ Software Link: https://github.com/bludit/bludit/archive/refs/tags/3.18.2.zip Version: Bludit . The uploadFile function performs no file extension or content...

ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery (SSRF)

Exploit Title: ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery SSRF Date: 2026-03-25 Exploit Author: Tamil Mathi T. Vendor Homepage: https://thingsboard.io Software Link: https://github.com/thingsboard/thingsboard Version: . When ThingsBoard processes the uploaded SVG server-side, it...

telnetd 2.7 - Buffer Overflow

Exploit Title: telnetd 2.7 - Buffer Overflow Google Dork: N/A Date: 2026-04-03 Exploit Author: Jeff Barron jeffaf Vendor Homepage: https://www.gnu.org/software/inetutils/ Software Link: https://ftp.gnu.org/gnu/inetutils/ Version: inetutils-telnetd through 2.7 patch pending in next release Tested...

NocoBase 2.0.27 - VM Sandbox Escape

Exploit Title: NocoBase 2.0.27 - VM Sandbox Escape Date: 2026-03-26 Exploit Author: Onurcan Genç Vendor Homepage: https://www.nocobase.com/ Software Link: https://github.com/nocobase/nocobase Version: -u -P --cmd "id"...

Ghost CMS 6.19.0 - SQLi

Exploit Title: Ghost CMS 6.19.0 - SQLi Date: 2026-03-30 Exploit Author: Maksim Rogov Exploit Licence: GPL-3.0 Software Link: https://ghost.org/ Version: Ghost =3D 3.24.0, = 3.24.0, = 6.19.0 Tested on: Ghost 6.16.1 CVE : CVE-2026-26980 !/usr/bin/env python3 import requests import re import sys...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssh (UTSA-2026-016492)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016492 advisory. OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted ...

MiracleLinux 8 : openssh-8.0p1-29.el8_10 (AXSA:2026-554:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-554:03 advisory. OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode CVE-2026-35385 OpenSSH: OpenSSH: Security bypass via...

MiracleLinux 9 : openssh-8.7p1-49.el9_7.ML.1 (AXSA:2026-555:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-555:04 advisory. OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode CVE-2026-35385 OpenSSH: OpenSSH: Security bypass via...

GHSA-84JC-3HJ2-HWC7 kanidmd_lib: Image upload validators run before authorization; PNG validator panics on malformed input

Summary The POST /v1/domain/image and POST /v1/oauth2/rsname/image handlers call validateimage on the uploaded body before the ACL check that restricts image upload to admins. Any bug in an image validator is therefore reachable by an unauthenticated remote client rather than being admin-gated. O...

kanidmd_lib: Image upload validators run before authorization; PNG validator panics on malformed input

Summary The POST /v1/domain/image and POST /v1/oauth2/rsname/image handlers call validateimage on the uploaded body before the ACL check that restricts image upload to admins. Any bug in an image validator is therefore reachable by an unauthenticated remote client rather than being admin-gated. O...

Exploit for Incorrect Implementation of Authentication Algorithm in Google Android

╔═════════════════════════════════════════════════════════...

opentelemetry-collector-contrib's azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay

Summary A server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any OpenTelemetry receiver that uses auth: azureauth. The extension's Authenticate metho...

GHSA-PJV4-3C63-699F opentelemetry-collector-contrib's azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay

Summary A server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any OpenTelemetry receiver that uses auth: azureauth. The extension's Authenticate metho...

GHSA-95Q8-X6R6-672M Lemmy may expose private community data through community, saved, liked, and modlog API views

NOTE: Only affects development version. Summary Lemmy applies private-community checks in PostView and CommentView, but several adjacent API views skip the accepted-follower filter. Bob, a registered user who is not an accepted follower, can read private community sidebar and summary fields. Alic...

Lemmy may expose private community data through community, saved, liked, and modlog API views

NOTE: Only affects development version. Summary Lemmy applies private-community checks in PostView and CommentView, but several adjacent API views skip the accepted-follower filter. Bob, a registered user who is not an accepted follower, can read private community sidebar and summary fields. Alic...