
111118 matches found

Positive Technologies
added 2026/05/21 12:0 a.m. | 14 views

PT-2026-42702

Name of the Vulnerable Software and Affected Versions: KnpSnappyBundle (affected versions not specified). Description: An issue exists that allows Server-Side Request Forgery (SSRF) and local file read. This occurs when applications allow user-supplied input to be passed directly to the Snappy library,...

CVSS 6.9 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 6
CNNVD
added 2026/05/21 12:0 a.m. | 7 views

tickets SQL injection vulnerability

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from the POST parameter tickid being directly concatenated into the WHERE clause of the SELEC...

CVSS 7.1 | AI score 5.9 | EPSS 0.00027
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/21 12:0 a.m. | 9 views

PT-2026-42661

Publisher note: Fixed in v1.7.17. Operators running v1.7.17 should upgrade. Contract delete and upgrade host-core paths now reject execution when runtime.ReadOnly is true. The invariant is regression-tested for delete, upgrade, storage writes, value transfers, and any VM output field that can late...

CVSS 6.3 | AI score 6 | EPSS 0.00057
Exploits: 0 | References: 5
Tenable Nessus
added 2026/05/21 12:0 a.m. | 10 views

RHEL 8 : kernel (RHSA-2026:20051)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20051 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Fragnesia is a variant of Dir...

CVSS 7.8 | AI score 6.1 | EPSS 0.00254
Exploits: 12 | References: 6
Positive Technologies
added 2026/05/21 12:0 a.m. | 5 views

PT-2026-42630

Publisher note: Fixed in v1.7.17. Operators running v1.7.17 should upgrade. Contract delete and upgrade host-core paths now reject execution when runtime.ReadOnly is true. The invariant is regression-tested for delete, upgrade, storage writes, value transfers, and any VM output field that can late...

CVSS 6.3 | AI score 6
Exploits: 0 | References: 5
Positive Technologies
added 2026/05/21 12:0 a.m. | 8 views

PT-2026-42514

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db loader.php where the multiple POST parameters ticketsdb, ticketshost, ticketsuser, ticketspassword are concatenated into mysqli connection arguments and dynamic SQL operating against an attacker-controlled database witho...

CVSS 7.1 | AI score 5.9 | EPSS 0.00027
Exploits: 0 | References: 4
GithubExploit
added 2026/05/20 8:58 p.m. | 61 views

Exploit for Path Traversal in Mikrotik Routeros

Pentest Tools — /rede Repository of scripts for au...

CVSS 9.1 | AI score 7.5 | EPSS 0.93645
Exploits: 23
NVD
added 2026/05/20 8:16 p.m. | 10 views

CVE-2026-9133

Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme arn:aws-debug:file accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the...

CVSS 8.3 | EPSS 0.00027
Exploits: 0 | References: 3
OSV
added 2026/05/20 8:16 p.m. | 6 views

DEBIAN-CVE-2026-9121

Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | AI score 5.8 | EPSS 0.00025
Exploits: 0 | References: 1
NVD
added 2026/05/20 8:16 p.m. | 12 views

CVE-2026-9121

Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | EPSS 0.00025
Exploits: 0 | References: 2
NVD
added 2026/05/20 8:16 p.m. | 9 views

CVE-2026-9113

Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

CVSS 4.3 | EPSS 0.00027
Exploits: 0 | References: 2
OSV
added 2026/05/20 8:16 p.m. | 1 views

DEBIAN-CVE-2026-9113

Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

CVSS 4.3 | AI score 5.8 | EPSS 0.00027
Exploits: 0 | References: 1
NVD
added 2026/05/20 8:16 p.m. | 12 views

CVE-2026-39352

Frappe is a full-stack web application framework. Versions prior to 15.105.0 and 16.15.0 contain a possible Arbitrary File Read vulnerability via Path Traversal. The issue is resolved in versions 16.15.0, 15.105.0 and above...

CVSS 8.7 | EPSS 0.03545
Exploits: 0 | References: 2
UbuntuCve
added 2026/05/20 8:16 p.m. | 7 views

CVE-2026-9121

Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | AI score 5.8 | EPSS 0.00025
Exploits: 0 | References: 3
UbuntuCve
added 2026/05/20 8:16 p.m. | 5 views

CVE-2026-9122

Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.5 | AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 3
UbuntuCve
added 2026/05/20 8:16 p.m. | 7 views

CVE-2026-9113

Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

CVSS 4.3 | AI score 5.8 | EPSS 0.00027
Exploits: 0 | References: 3
EUVD
added 2026/05/20 7:38 p.m. | 8 views

EUVD-2026-31181

Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme arn:aws-debug:file accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the...

CVSS 8.3 | AI score 6 | EPSS 0.00027
Exploits: 0 | References: 3
Cvelist
added 2026/05/20 7:38 p.m. | 33 views

CVE-2026-9133 Arbitrary file read in rabbitmq-aws plugin

Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme arn:aws-debug:file accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the...

CVSS 8.3 | EPSS 0.00027
Exploits: 0 | References: 3
Vulnrichment
added 2026/05/20 7:38 p.m. | 5 views

CVE-2026-9133 Arbitrary file read in rabbitmq-aws plugin

Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme arn:aws-debug:file accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the...

CVSS 8.3 | AI score 6 | EPSS 0.00027
Exploits: 0 | References: 3
CVE
added 2026/05/20 7:38 p.m. | 12 views

CVE-2026-9133

CVE-2026-9133 affects the rabbitmq-aws plugin’s ARN resolver. Active debug code enables a debug ARN scheme (arn:aws-debug:file) that is accepted by PUT /api/aws/arn/validate, allowing remote authenticated users to perform arbitrary file reads on files accessible to the RabbitMQ process. This issu...

CVSS 8.3 | AI score 6 | EPSS 0.00027
Exploits: 0 | References: 3