UBUNTU-CVE-2026-8503
Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...
SQLite <= 3.51.1 Information Disclosure
The version of SQLite installed on the remote host is prior to 3.51.2. It is, therefore, affected by an information disclosure issue where the zipfileInflate function, responsible for decompressing ZIP file contents, fails to properly validate or sanitize data during the inflation process. When...
Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2ECS-2025-075 (ALASECS-2025-075)
The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.10.1-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-075 advisory. Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking...
EUVD-2025-24033
Malicious code in bioql PyPI...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.0.1.8)
The version of AOS installed on the remote host is prior to 7.0.1.8. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.0.1.8 advisory. - setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path...
BIT-LIBPHP-2020-7070 PHP parses encoded cookie names so malicious `__Host-` cookies can be sent
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like `__Host` being confused with cookies that decode to such a prefix, thus leading to an attacker being...
CVE-2024-32064
A vulnerability has been identified in Simcenter Femap All versions V2406. The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process...
PT-2024-22297 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 3.1.2 Description: An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. Recommendations: For versions prior to...
AZL-32204 CVE-2023-48795 affecting package openssh for versions less than 8.9p1-4
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...
PT-2021-14393 · Unknown · Oauth2 Proxy
Name of the Vulnerable Software and Affected Versions: OAuth2 Proxy versions prior to 7.0.0 Description: The issue concerns the whitelist domain feature in OAuth2 Proxy, where a domain that ends similarly to the intended domain could be allowed as a redirect. For example, if a whitelist domain is...
Remote code execution
modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution...
EE 4GEE WiFi MBB Cross-Site Request Forgery Vulnerability (CNVD-2017-33216)
The EE 4GEE WiFi MBB is a mobile wireless router device from EE UK. A cross-site request forgery vulnerability exists in versions prior to EE 4GEE WiFi MBB EE600005.0031. A remote attacker can exploit this vulnerability to perform unauthorized operations by tricking a user into visiting a malicio...
CVE-2016-8233
Log files generated by Lenovo XClarity Administrator LXCA versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user...