BIT-APACHE-2026-34356 Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow
Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...
Scammers love Meta, according to Lloyds Bank
Scammers go phishing wherever the victims are. In the UK, that means Facebook, Instagram, and WhatsApp, according to Lloyds Bank. It just revealed that Meta platforms account for over two thirds of fraud reports made by its customers. Writing in The Sunday Times, Lloyds Bank's fraud prevention...
CVE-2026-34355
A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue...
PT-2026-47313
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.0 through 2.4.67. Description: A Use After Free issue exists in Apache HTTP Server when using mod_ldap in per-directory configuration. Use After Free occurs when an application continues to use a pointer after it...
NetGain EM Plus security vulnerability
NetGain EM Plus is a network and system management software developed by NetGain Company in Singapore. Version 10.1.68 of NetGain EM Plus contains a security vulnerability. This vulnerability stems from the parameter handling in the scripttest.jsp endpoint, which may allow unverified attackers to...
AZL-77691 CVE-2026-23118 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix data-race warning and potential load/store tearing. Fix the following: BUG: KCSAN: data-race in rxrpc_peer_keepalive_worker / rxrpc_send_data_packet which is reporting an issue with the reads and writes to ->last_tx_at in:...
SUSE CVE-2025-68616
WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's default_url_fetcher. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata...
MiracleLinux 4 : thunderbird-68.7.0-1.AXS4 (AXSA:2020-4709:03)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-4709:03 advisory. Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819). Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)...
CVE-2025-68616 WeasyPrint Vulnerable to Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect
WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's default_url_fetcher. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata...
PT-2026-3446
Name of the Vulnerable Software and Affected Versions: WeasyPrint versions prior to 68.0. Description: WeasyPrint is a tool used by web developers to generate PDF documents. A server-side request forgery (SSRF) protection bypass exists in WeasyPrint’s default url fetcher for versions prior to 68.0. Th...
MiracleLinux 7 : firefox-68.7.0-2.0.1.el7.AXS7 (AXSA:2020-4711:08)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-4711:08 advisory. Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821). Mozilla: Memory safety bugs fixed in Firefox 7...
WeasyPrint code-related vulnerabilities
WeasyPrint is an intelligent solution developed by Kozea. It helps web developers create PDF files. Versions of WeasyPrint prior to 68.0 contained code vulnerabilities. These vulnerabilities stemmed from a protection mechanism in the default_url_fetcher that allowed server-side request forgery...
MiracleLinux 7 : firefox-68.4.1-1.0.1.el7.AXS7 (AXSA:2020-4427:01)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-4427:01 advisory. Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026). Mozilla: Bypass of @namespace CSS sanitization durin...
CVE-2022-27868
A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution...
CVE-2023-54232
In the Linux kernel, the following vulnerability has been resolved: m68k: Only force 030 bus error if PC not in exception table. get_kernel_nofault does copy data in supervisor mode when forcing a task backtrace log through /proc/sysrq-trigger. This is expected to cause a bus error exception on e.g. NUL...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unaligned lock pointer in hung_task causing a warning that could affect the m68k architecture...
Linux Distros Unpatched Vulnerability : CVE-2018-6158
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Ransomware incidents in Japan during the first half of 2025
In the first half of 2025, the number of ransomware attacks in Japan increased by approximately 1.4 times compared to the previous year. Ransomware attackers continue to primarily target small and medium-sized enterprises in Japan. The most affected industry remains manufacturing, unchanged from...
Linux Distros Unpatched Vulnerability : CVE-2018-6153
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds...
Linux Distros Unpatched Vulnerability : CVE-2018-6173
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN...