PT-2026-38256

Name of the Vulnerable Software and Affected Versions Samsung Print Service Plugin for Android affected versions not specified Description Samsung Print Service Plugin for Android contains a flaw that may lead to information disclosure when accessed via mobile devices using an outdated version of...

HCL BigFix Service Management 信息泄露漏洞

HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management has a vulnerability related to information leakage. This vulnerability stems from the use of a vulnerable WSGI server. Deploying outdated or...

Samsung Print Service Plugin – Potential Information Disclosure

Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities. Update your application...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an outdated check in the cpuidle driver within the ACPI processor driver. This vulnerability may lead t...

HCL DFXAnalytics 跨站脚本漏洞

HCL DFXAnalytics is a software delivery and operations analytics platform developed by the Indian company HCL. HCL DFXAnalytics has a cross-site scripting vulnerability, which stems from insecure Security Header configurations. The application uses outdated X-XSS-Protection headers. Attackers may...

CVE-2026-7611

A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platformdoupgradecameodev of the file cameodev.sh of the component Firmware Update Handler. Performing a manipulation results in insufficient verification of data authenticity. The attack is possible to be...

CVE-2026-31600 affecting package kernel for versions less than 6.6.134.1-2

CVE-2026-31600 affecting package kernel for versions less than 6.6.134.1-2. An upgraded version of the package is available that resolves this issue...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to discard outdated Unicode buffers when exiting the standby screen after resizing it...

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2026-111 (ALASDOCKER-2026-111)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-111 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler...

Security update for flatpak

This update for flatpak fixes the following issues: CVE-2026-34078: improper processing of app-controlled symlinks by sandbox-expose can lead to sandbox escape, host file access and code execution in the host context bsc1261769. CVE-2026-34079: improper removal of outdated cache files allows for...

FreeBSD : go-ethereum -- vulnerabilities (9c8c00ce-3642-11f1-bd03-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9c8c00ce-3642-11f1-bd03-3c7c3fba4204 advisory. https://github.com/ethereum/go-ethereum/security/advisories reports: Tenable has extracted the...

fastify/reply-from和fastify/http-proxy 安全漏洞

fastify/reply-from and fastify/http-proxy are both products from the Fastify open-source project. fastify/reply-from is a plugin designed to forward incoming HTTP requests to another server. fastify/http-proxy is a full-featured HTTP proxy plugin that supports proxying WebSocket connections and...

Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2NITRO-ENCLAVES-2026-095 (ALASNITRO-ENCLAVES-2026-095)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.12.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-095 advisory. url.Parse insufficiently validated the host/authority component and accepted some inval...

Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2026-094 (ALASNITRO-ENCLAVES-2026-094)

"The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-094 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...

CVE-2026-22565

An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation: Update UniFi Play...

SUSE CVE-2026-34079

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app controlled path to the outdated cache is in the cache directory. This allows Flatpak apps to delete arbitrary files on t...

EUVD-2026-20563

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, unauthenticated remote attackers were able to access the getting started endpoint to get access to sensitive internal entity data, even after the system setup was completed. This vulnerability is fixed i...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to the withHashFile handler not re-checking the share owner's current permissions. An attacker can access previously created share links and download files without authentication by using a valid but outdated...

CVE-2026-34079 Flatpak affected by arbitrary file deletion on the host filesystem

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app controlled path to the outdated cache is in the cache directory. This allows Flatpak apps to delete arbitrary files on t...

penetration-testing-engagement

Internal Network Penetration Test Overview Conducted a ful...