121693 matches found
CVE-2025-13826 Incorrect input validation on the Zervit portable HTTP/Web server
Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is...
CVE-2026-41302
OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...
DEBIAN-CVE-2026-35587
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery SSRF vulnerability exists in the Glances IP plugin due to improper validation of the publicapi configuration parameter. The value of publicapi is used directly in outbound HTTP...
📄 ASP.net 8.0.10 Core Kestrel HTTP Request Smuggling
This Metasploit auxiliary module targets a critical HTTP request smuggling vulnerability in ASP.NET Core Kestrel caused by improper parsing of malformed chunked transfer encoding notably LF-only line handling and case-variant headers like chUnKEd...
PT-2026-34053
Name of the Vulnerable Software and Affected Versions mailcow: dockerized versions prior to 2026-03b Description The admin dashboard Autodiscover logs fail to perform HTML escaping on the EMailAddress value, which is logged as the user field. An unauthenticated attacker can submit a crafted...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010920)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010920 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks When the driver hits -ENOMEM at allocating a URB or a...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-007032)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007032 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling cryptofinalizerequest, BH should be...
PT-2026-33991
SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameter 'phonenumber' in '/private/continue-upload.php'...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010828)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010828 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Do not sleep in atomic context sgfinishremreq calls blkrqunmapuser. The latter function...
Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006896)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006896 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling cryptofinalizerequest, BH should be...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010703)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010703 advisory. In the Linux kernel, the following vulnerability has been resolved: block: don't call rqqosops-donebio if the bio isn't tracked rqqos framework is only applied on...
OpenClaw 代码问题漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 had code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing mechanism in the market plugin download function, which could allow attackers to...
Oracle MySQL Server 安全漏洞
Oracle MySQL Server is an open source relational database management system with an InnoDB component that provides transaction-safe storage engine functionality. A denial of service vulnerability exists in Oracle MySQL Server. The vulnerability stems from the InnoDB component failing to properly...
FreeScout 安全漏洞
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.215 contained security vulnerabilities. These vulnerabilities stemmed from the MailboxesController::updateSave function, which...
PT-2026-33976
HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...
PT-2026-34225
Name of the Vulnerable Software and Affected Versions free5GC AMF versions prior to 1.4.3 Description The HTTPUEContextTransfer handler in internal/sbi/api communication.go lacks a default case in the Content-Type switch statement. If a request is sent with an unsupported Content-Type, the...
Seeyon OA A8 代码问题漏洞
Seeyon OA A8 is a collaborative office management system developed by the Chinese company Seeyon. There is a code vulnerability in Seeyon OA A8. This vulnerability stems from an unauthenticated file writing operation at the /seeyon/htmlofficeservlet endpoint. This could allow a remote attacker to...
CVE-2026-31014
Dovestones Softwares AD Self Update 4.0.0.5 is vulnerable to Cross Site Request Forgery CSRF. The affected endpoint processes state-changing requests without requiring a CSRF token or equivalent protection. The endpoint accepts application/x-www-form-urlencoded requests, and an originally...
FreeScout 安全漏洞
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.214 contained security vulnerabilities. These vulnerabilities stemmed from the fact that, under limited visibility, the...
PT-2026-34201
WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in AVideo's LiveLinks proxy adds isSSRFSafeURL validation but leaves DNS TOCTOU vulnerabilities where DNS rebinding between validation and the actual HTTP request redirects traffic to internal...