Alibaba Cloud Linux 3 : 0122: java-17-openjdk (ALINUX3-SA-2026:0122)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0122 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-22007: No description is availabl...
Linux Distros Unpatched Vulnerability : CVE-2026-40295
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Devise is an authentication solution for Rails based on Warden. In versions 5.0.3 and below, when the Timeoutable module is enabled in Devise, the...
Admidio Cross-Site Request Forgery Vulnerability
Admidio is an open source member management system from the Admidio team. The system supports member lists, event management, guestbooks, photo albums, and downloads. A cross-site request forgery vulnerability exists in Admidio version 3.3.5, which stems from cross-site request forgery and could...
Linux Distros Unpatched Vulnerability : CVE-2026-48832
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability. CVE-2026-48832 Note that Nessus relies on the presence of the...
PT-2026-43120
Name of the Vulnerable Software and Affected Versions Apache Shiro versions 2.0-alpha through 2.1.0 Apache Shiro version 3.0.0-alpha-1 Description An issue exists in the shiro-jakarta-ee integration module where the shiroSavedRequest cookie is not validated after a successful login. This allows a...
TOTOLINK A8000RU OS Command Injection Vulnerability
The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A8000RU version 7.1cu.643b20200521 suffers from an OS command injection vulnerability that originates from the handling of the enabled parameter in the setOpenVpnCfg function in the file...
RockyLinux 8 : python3 (RLSA-2026:11077)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:11077 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...
SB Admin SQL Injection Vulnerability
SB Admin is a Bootstrap-based open source admin backend template by individual developer Yash Pokharna. SB Admin suffers from a SQL injection vulnerability that stems from the handling of the User parameter in the file /success.php, which could lead to SQL injection...
CVE-2026-48832
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...
DEBIAN-CVE-2026-48832
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...
CVE-2026-48832
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...
UBUNTU-CVE-2026-48832
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...
CVE-2026-48832
The vulnerability affects SPIP’s ecrire component in SPIP prior to version 4.4.15, where action/cookie.php is prone to an open redirect. The underlying issue is an open redirect, allowing an attacker to redirect users to a malicious site via crafted input. Version 4.4.15 addresses this issue (as ...
CVE-2026-48832
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...
CVE-2026-48832
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...
EUVD-2026-31601
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...
CVE-2026-48832
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...
CVE-2026-48832
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...
cal.diy Access Control Error Vulnerability
cal.diy is an open-source calendar scheduling platform developed by Cal. Versions of cal.diy 4.9.4 and earlier contain a security vulnerability related to access control. This vulnerability stems from the getServerSideProps function in the Generic React API component file...
PostCSS Security Vulnerability
PostCSS is an open-source style transformation tool developed by PostCSS. Versions of PostCSS 7.1.1 and earlier contained a security vulnerability. This vulnerability stemmed from improper handling of the toString function in the AST serialization component file /src/selectors/container.js, which...