CVE-2026-8186 Open5GS NF client.c ogs_sbi_client_send_via_scp_or_sepp out-of-bounds

A vulnerability was detected in Open5GS up to 2.7.7. This affects the function ogssbiclientsendviascporsepp in the library lib/sbi/client.c of the component NF. Performing a manipulation results in out-of-bounds read. The attack is possible to be carried out remotely. The patch is named...

CVE-2026-8186 Open5GS NF client.c ogs_sbi_client_send_via_scp_or_sepp out-of-bounds

A vulnerability was detected in Open5GS up to 2.7.7. This affects the function ogssbiclientsendviascporsepp in the library lib/sbi/client.c of the component NF. Performing a manipulation results in out-of-bounds read. The attack is possible to be carried out remotely. The patch is named...

CVE-2026-34743 affecting package xz for versions less than 5.4.4-3

CVE-2026-34743 affecting package xz for versions less than 5.4.4-3. A patched version of the package is available...

CVE-2026-0966 affecting package libssh for versions less than 0.10.6-7

CVE-2026-0966 affecting package libssh for versions less than 0.10.6-7. A patched version of the package is available...

EUVD-2026-28863

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts use double-quoted strings for shell command construction, unlike all other file manager operation...

CVE-2026-8133 zyx0814 FilePress Shares Filelist API admin.php sql injection

A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality of the file dzz/shares/admin.php of the component Shares Filelist API. Such manipulation of the argument order leads to sql injection. The attack can be launched...

CVE-2026-8133

CVE-2026-8133 affects zyx0814 FilePress up to version 2.2.0, specifically the Shares Filelist API concerning dzz/shares/admin.php. The vulnerability arises from incorrect handling of argument order, enabling SQL injection. It is exploitable remotely, with exploitation details publicly disclosed. ...

CVE-2026-8124

A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function sidxboxread of the file src/isomedia/boxcodebase.c. The manipulation leads to allocation of resources. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The...

CVE-2026-8124

A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function sidxboxread of the file src/isomedia/boxcodebase.c. The manipulation leads to allocation of resources. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The...

📄 Dash-Uploader 0.7.0a2 Path Traversal

There is an unauthenticated path traversal in dash-uploader versions 0.1.0 through 0.7.0a2 allowing arbitrary file write, leading to but not limited to remote code execution, application source code overwrite, stored cross site scripting, and persistent backdoor installation. CVE-2026-38360: Path...

Linux Distros Unpatched Vulnerability : CVE-2026-43300

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/panel: Fix a possible null-pointer dereference in jdipaneldsiremove In jdipaneldsiremove, jdi is explicitly checked, indicating that it may be NULL: if !jd...

Linux Distros Unpatched Vulnerability : CVE-2026-6104

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstri...

PT-2026-39295

Name of the Vulnerable Software and Affected Versions Babel versions 7.12.0 through 7.29.3 Babel versions 8.0.0-alpha.1 through 8.0.0-alpha.12 Description Compiling code specifically crafted by an attacker can cause the generation of output code that executes arbitrary code. This issue affects th...

Linux Distros Unpatched Vulnerability : CVE-2026-41506

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentia...

Linux Distros Unpatched Vulnerability : CVE-2026-44928

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal. CVE-2026-44928 Note that Nessus relies on the presence of th...

Linux Distros Unpatched Vulnerability : CVE-2026-44916

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Ironic before 35.0.2 in a certain non-default configuration, instanceinfo'kstemplate' is rendered without sandboxing. CVE-2026-44916 Note that Ness...

CVE-2026-8113

CVE-2026-8113 affects 8421bit MiniClaw: the isPathInside function in src/kernel.ts (executeSkillScript) enables path traversal. Remote exploit described; no explicit product version details are provided. A patch is referenced (e8bd4e17e9428260f2161378356affc5ce90d6ed). Monitor for official fix an...

CVE-2026-8112

A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838dcbd18cd65a37c35ac5a84. Affected is the function executeCognitivePulse of the file src/kernel.ts. Performing a manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2026-8112 8421bit MiniClaw kernel.ts executeCognitivePulse os command injection

A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838dcbd18cd65a37c35ac5a84. Affected is the function executeCognitivePulse of the file src/kernel.ts. Performing a manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been...

Exploit for CVE-2026-38360

CVE-2026-38360: Path Traversal in dash-uploader !CVEhttps...