PT-2026-42709

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A malicious SSH peer can send unsolicited global request responses to fill an internal buffer, which blocks the connection's read loop. This prevents the blocked...

Request Tracker 授权问题漏洞

Request Tracker is a problem and ticket tracking system developed by Request Tracker Inc. Versions of Request Tracker from 5.0.9 and earlier, as well as versions 6.0.0 to 6.0.2, have a permission issue vulnerability. This vulnerability stems from an authentication bypass in RT installations that...

Unity Linux 20.1060e / 20.1070e Security Update: grafana (UTSA-2026-016686)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016686 advisory. Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a...

Linux Distros Unpatched Vulnerability : CVE-2026-6841

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Request Tracker is vulnerable to a reflected cross-site scripting XSS vulnerability via the Page parameter in GET requests. An attacker can craft a URL that, wh...

Unity Linux 20.1070e Security Update: undertow (UTSA-2026-016708)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016708 advisory. A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker t...

Linux Distros Unpatched Vulnerability : CVE-2026-6063

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain...

Linux Distros Unpatched Vulnerability : CVE-2026-41075

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection...

RockyLinux 8 : osbuild-composer (RLSA-2025:9844)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:9844 advisory. net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Tenable has extracted the preceding description block directly fr...

Exploit for CVE-2026-5118

Divi Form Builder ⚠️ WARNING: This tool is for authorized p...

CVE-2026-8435

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file approveVersion. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

CVE-2026-7882

Concrete CMS 9.5.0 and below is vulnerable to unauthorized file deletion due to an Inverted CSRF token check in the DeleteFile controller. The code throws an error when the token IS valid and proceeds with file deletion when the token is invalid or missing. This effectively disables CSRF protecti...

CVE-2026-7890 Concrete CMS 9.5.0 is vulnerable to SSRF via RSS Displayer Block

In Concrete CMS 9.5.0 and below, the RSS Displayer block accepts a feed URL from any page editor and fetches it server-side without validation enabling redirect-to-internal bypasses. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.1 with a...

CVE-2026-8410 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/logs/bulk/delete. The The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

CVE-2026-8411

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/page/bulk/delete. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonata...

CVE-2026-8412 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/cache

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/page/bulk/cache. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan...

CVE-2026-8413

Concrete CMS

CVE-2026-8427 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file removeFavoriteFolder($id)

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file removeFavoriteFolder$id. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

CVE-2026-8432 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star()

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file star. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan Dror...

CVE-2026-8432 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star()

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file star. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan Dror...

CVE-2026-8432

Concrete CMS versions prior to 9.5.0 are affected by a Cross-Site Request Forgery (CSRF) at the endpoint concrete/controllers/backend/file star(), due to a flaw in the star() function. Affected range includes 9.0.0 through 9.4.x. The issue is exploited by convincing an authenticated user to perfo...