CVE-2026-35535

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation...

CVE-2026-35535

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation...

OWASP CRS Arbitrary File Upload

A vulnerability was identified in OWASP CRS where whitespace padding in filenames can bypass file upload extension checks, allowing uploads of dangerous files such as .php, .phar, .jsp, and .jspx. This has been addressed in versions 3.3.9, 4.25.x LTS, and 4.8.x...

RHEL 8 : libpng15 (RHSA-2026:6466)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:6466 advisory. The libpng15 package provides libpng 1.5, an older version of the libpng. library for manipulating PNG Portable Network Graphics image format files...

ROS-20260403-73-0006

A vulnerability in the setblocksize function of the block/bdev.c module of the Linux kernel block layer is related to null pointer dereferencing. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability of protected information...

RHEL 8 : libpng15 (RHSA-2026:6468)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:6468 advisory. The libpng15 package provides libpng 1.5, an older version of the libpng. library for manipulating PNG Portable Network Graphics image format files...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-33416)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-33416 advisory. - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG...

GO-2026-4891 act: Unrestricted set-env and add-path command processing enables environment injection in github.com/nektos/act

act: Unrestricted set-env and add-path command processing enables environment injection in github.com/nektos/act...

UBUNTU-CVE-2026-33691

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

EUVD-2026-18342

A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function actionsetnetsettings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriori...

EUVD-2026-18352

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

CVE-2026-33691

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

CVE-2026-33691 OWASP CRS: Whitespace padding in filenames bypasses file upload extension checks

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

CVE-2026-5339 Tenda G103 Setting gpon.lua action_set_net_settings command injection

A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function actionsetnetsettings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriori...

CVE-2026-5338 Tenda G103 Setting system.lua action_set_system_settings command injection

A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function actionsetsystemsettings of the file system.lua of the component Setting Handler. Such manipulation of the argument lanIp leads to command injection. The attack may be performed from remote. The...

libpng: LIBPNG has a heap buffer overflow in png_set_quantize

A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...

Important: Red Hat Security Advisory: libpng15 security update

An update for libpng15 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

Important: Red Hat Security Advisory: libpng15 security update

An update for libpng15 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

Important: Red Hat Security Advisory: libpng15 security update

An update for libpng15 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

Important: Red Hat Security Advisory: libpng12 security update

An update for libpng12 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...