PT-2026-47018

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop Electron disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured...

PT-2026-47019

Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.3.2 Description Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. The File Manager functionality contains a Broken Access Control issue resulting from...

PT-2026-47041

Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description An improper session termination issue exists where authentication tokens remain valid after a user logs out. This allows an attacker who possesses a valid token to maintain persistent access to...

Termix 安全漏洞

Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.3.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification by 16 file manager endpoints to ensure that the requesting user had an SSH session...

Termix 安全漏洞

Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.3.2 contained security vulnerabilities. These vulnerabilities stemmed from improper validation of the sessionId parameter by the file manager’s functionality. The identifier controlle...

PT-2026-47016

Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.3.2 Description Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. Sixteen file-manager endpoints fail to verify if the requesting user owns the SSH...

PT-2026-46961

A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function session start of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiatio...

Open XDMoD 访问控制错误漏洞

Open XDMoD is an open-source tool developed by the Center for Computational Research for managing high-performance computing resources. Versions of Open XDMoD prior to 11.0.3 contained a access control vulnerability. This vulnerability stemmed from a flaw in the access control logic, allowing...

PT-2026-46954

Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...

HAXCMS 代码问题漏洞

HAXCMS is an open-source content management system developed by HAX The Web. Versions of HAXCMS prior to 26.0.0 had code-related vulnerabilities. These vulnerabilities stemmed from improper session termination, which could allow attackers to obtain valid tokens and gain persistent access to...

RockyLinux 10 : osbuild-composer (RLSA-2026:22450)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22450 advisory. golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 golang: net/url: Memory exhaustion in query...

Linux Distros Unpatched Vulnerability : CVE-2026-11181

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Media Session in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML...

RockyLinux 10 : go-fdo-client and go-fdo-server (RLSA-2026:22141)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22141 advisory. crypto/tls: Unexpected session resumption in crypto/tls CVE-2025-68121 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certifica...

PT-2026-47085

Summary The shared form-view submit handler in NocoDB writes the form's redirect url to window.location.href after a same-host check that does not validate the URL scheme. A user with editor role or above on any base can plant a javascript: URL in the form's redirect url; when an authenticated...

CVE-2026-11181

Inappropriate implementation in Media Session in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

DEBIAN-CVE-2026-11181

Inappropriate implementation in Media Session in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11181

Inappropriate implementation in Media Session in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11181

Inappropriate implementation in Media Session in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11181

Inappropriate implementation in Media Session in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11181

Inappropriate implementation in Media Session in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...