Eclipse Equinox OSGi 访问控制错误漏洞

Eclipse Equinox OSGi is a modular runtime framework developed by the Eclipse Foundation. Versions 3.8 to 3.18 of Eclipse Equinox OSGi contain access control vulnerability issues. This vulnerability stems from a remote code execution flaw in the console interface, allowing unauthenticated attacker...

ProFTPD SQL注入漏洞

ProFTPD is an open-source FTP server software with high configurability developed by ProFTPD. Versions prior to ProFTPD 1.3.9a contained a SQL injection vulnerability. This vulnerability stems from the sqltabFetchClientsCB function in contrib/modwrap2sql.c. When the option “UseReverseDNS on” is...

PT-2026-37238

Name of the Vulnerable Software and Affected Versions ProFTPD versions prior to 1.3.9a 7666224 Description A SQL injection issue exists in the sqltab fetch clients cb function within contrib/mod wrap2 sql.c. When the "UseReverseDNS on" setting is enabled, a remote attacker can inject arbitrary SQ...

PT-2026-36999

Name of the Vulnerable Software and Affected Versions Eclipse Equinox OSGi versions 3.7.2 and earlier Description An issue allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send...

PT-2026-37205

Name of the Vulnerable Software and Affected Versions AzuraCast versions prior to 0.23.6 Description The ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header without a trusted proxy allowlist. An unauthenticated attacker can exploit this by injecting...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fixed the incorrect order of resource deallocation. When attempting to destroy a QP or CQ, we first reduce the reference count and potentially free the memory regions allocated for the object. Then, we request the devic...

Astra Linux - уязвимость в apache2

In certain proxy configurations, a denial-of-service attack against Apache HTTP Server versions 2.4.26 through 2.4.63 can occur when untrusted clients trigger an assertion in modproxyhttp2. The configurations affected include reverse proxies configured for HTTP/2 backends, where ProxyPreserveHost...

clan-nxt-toolkit

🔴 CLAN NXT Toolkit ██████╗██╗ █████╗ ███╗ ██╗...

Malicious code in buffparser (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5cc891132b1216e9093bcdd4581373dc7f750f700c82347c28bd1dff079261d8 Described as a utility for gaming, the code starts a reverse shell when using the exposed alledegdly parsing function. --- Category: MALICIOUS - The campaign h...

MAL-2026-3203 Malicious code in buffparser (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5cc891132b1216e9093bcdd4581373dc7f750f700c82347c28bd1dff079261d8 Described as a utility for gaming, the code starts a reverse shell when using the exposed alledegdly parsing function. --- Category: MALICIOUS - The campaign h...

Exploit-Dev-Lab-Vulnserver-TRUN

Buffer Overflow Exploitation — Vulnserver TRUN Ty...

CVE-2026-7381

Plack::Middleware::XSendfile (Perl)

CVE-2026-7381

Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...

h2database-rce-poc

H2 Console RCE Exploit Toolkit Vulnerability exploitation scr...

CVE-2026-40560

A flaw was found in Starman. Starman versions before 0.4018 for Perl incorrectly prioritize the "Content-Length" header over "Transfer-Encoding: chunked" when both are present in an HTTP request, violating RFC 7230 3.3.3. A remote attacker could exploit this improper header precedence to perform...

CVE-2026-40560 Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence

Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

CVE-2026-40575

A flaw was found in OAuth2 Proxy. When configured with --reverse-proxy and either --skip-auth-regex or --skip-auth-route, the proxy may trust a client-supplied X-Forwarded-Uri header. An unauthenticated remote attacker can exploit this by spoofing the header, leading to an authentication bypass...

Kai-Tools

Kai Tools 🚀 Kai Tools adalah suite keamanan dan intelijen...

[SECURITY] Fedora 44 Update: nginx-1.28.3-1.fc44

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

ARIstoteles -- Dissecting Apple's Baseband Interface

Wireless chips and interfaces expose a substantial remote attack surface. As of today, most cellular baseband security research is performed on the Android ecosystem, leaving a huge gap on Apple devices. With iOS jailbreaks, last-generation wireless chips become fairly accessible for performance...