PT-2026-37260

Name of the Vulnerable Software and Affected Versions DevGuard versions prior to 1.2.2 Description An authentication bypass exists in the SessionMiddleware where the system accepts a client-supplied X-Admin-Token HTTP request header. When no Kratos session cookie is present, the raw string value ...

ProFTPD SQL注入漏洞

ProFTPD is an open-source FTP server software with high configurability developed by ProFTPD. Versions prior to ProFTPD 1.3.9a contained a SQL injection vulnerability. This vulnerability stems from the sqltabFetchClientsCB function in contrib/modwrap2sql.c. When the option “UseReverseDNS on” is...

PT-2026-36999

Name of the Vulnerable Software and Affected Versions Eclipse Equinox OSGi versions 3.7.2 and earlier Description An issue allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send...

PT-2026-36998

Name of the Vulnerable Software and Affected Versions Eclipse Equinox OSGi versions 3.8 through 3.18 Description A remote code execution flaw exists in the console interface. Unauthenticated attackers can execute arbitrary code by exploiting the fork command functionality. This is achieved by...

PT-2026-37238

Name of the Vulnerable Software and Affected Versions ProFTPD versions prior to 1.3.9a 7666224 Description A SQL injection issue exists in the sqltab fetch clients cb function within contrib/mod wrap2 sql.c. When the "UseReverseDNS on" setting is enabled, a remote attacker can inject arbitrary SQ...

Eclipse Equinox OSGi 访问控制错误漏洞

Eclipse Equinox OSGi is a modular runtime framework developed by the Eclipse Foundation. Versions of Eclipse Equinox OSGi prior to 3.7.2 contained an access control vulnerability. This vulnerability stemmed from a remote code execution flaw in the console interface, allowing unauthenticated...

Eclipse Equinox OSGi 访问控制错误漏洞

Eclipse Equinox OSGi is a modular runtime framework developed by the Eclipse Foundation. Versions 3.8 to 3.18 of Eclipse Equinox OSGi contain access control vulnerability issues. This vulnerability stems from a remote code execution flaw in the console interface, allowing unauthenticated attacker...

📄 Xibo CMS SSTI / Remote Code Execution

Xibo CMS versions prior to 4.3.1 suffer from an authenticated remote code execution vulnerability via server-side template injection. Exploit Title: Xibo CMS - Authenticated Remote Code Execution via SSTI Date: 2025-11-04 Exploit Author: Cristian Branet Vendor Homepage: https://xibosignage.com/...

PT-2026-37205

Name of the Vulnerable Software and Affected Versions AzuraCast versions prior to 0.23.6 Description The ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header without a trusted proxy allowlist. An unauthenticated attacker can exploit this by injecting...

Astra Linux – Vulnerability in Tomcat9

There is an input validation vulnerability in Apache Tomcat. Versions of Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81, and from 8.5.0 through 8.5.93 did not properly parse HTTP trailer headers. A specially crafted, invalid trailer header...

Astra Linux – Vulnerability in Tomcat9

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26, or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers by setting rejectIllegalHeader to false the default for 8.5.x only, Tomcat would not reject requests containing an invalid Content-Length header. This...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: x86-android-tablets: Devices are unregistered in reverse order. Not all subsystems support the removal of a device when there are still consumers referencing that device. One example is the regulator subsystem. If a...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: In rtlwifi, memory leaks and invalid access at the probe error path have been fixed. The deinitialization is performed in reverse order when the probe fails. When initswvars fails, rtldeinitcore should not be called. Thi...

Astra Linux – Vulnerability in Tomcat9

Apache Tomcat versions 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46, and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances, which could lead to requests for data smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored t...

Astra Linux – Vulnerability in Puma

Puma is an HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted; it did not prevent new connections from being blocked by greedy persistent-connections that saturated all threads ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: The value of UnboundedRequestEnabled was checked. The UnboundedRequestEnabled parameter in CalculateSwathAndDETConfigurationparamsst is a pointer i.e., dmlboolt UnboundedRequestEnabled. Therefore, if...

Astra Linux – Vulnerability in JRuby

A vulnerability was discovered in Ruby versions 2.5.8, 2.6.x up to 2.6.6, and 2.7.x up to 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, did not rigorously check the transfer-encoding header value. An attacker could potentially exploit this vulnerability to bypass a reverse proxy which...

Astra Linux – Vulnerability in Tomcat9

There is a vulnerability related to improper input validation in Apache Tomcat. In versions of Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82, and from 8.5.0 through 8.5.95, HTTP trailer headers were not parsed correctly. A trailer header th...

clan-nxt-toolkit

🔴 CLAN NXT Toolkit ██████╗██╗ █████╗ ███╗ ██╗...

Malicious code in buffparser (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5cc891132b1216e9093bcdd4581373dc7f750f700c82347c28bd1dff079261d8 Described as a utility for gaming, the code starts a reverse shell when using the exposed alledegdly parsing function. --- Category: MALICIOUS - The campaign h...