CVE-2026-43964

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...

EUVD-2026-27115

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...

PT-2026-36908

Name of the Vulnerable Software and Affected Versions Postfix versions prior to 3.8.16 Postfix versions 3.9 prior to 3.9.10 Postfix versions 3.10 prior to 3.10.9 Description A buffer over-read can occur, potentially leading to a process crash, when an enhanced status code is used that lacks text...

Astro: Cache Poisoning due to incorrect error handling when if-match header is malformed

Summary Requesting a static JS/CSS resource from the astro path with an incorrect or malformed if-match header returns a 500 error with a one-year cache lifetime instead of 412 in some cases. As a result, all subsequent requests to that file — regardless of the if-match header — will be served a...

PT-2026-34681

Summary Requesting a static JS/CSS resource from the astro path with an incorrect or malformed if-match header returns a 500 error with a one-year cache lifetime instead of 412 in some cases. As a result, all subsequent requests to that file — regardless of the if-match header — will be served a...

CVE-2026-24468 OpenAEV Vulnerable to Username/Email Enumeration Through Differential HTTP Responses in Password Reset API

OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.11.0 and prior to version 2.0.13, the /api/reset endpoint behaves differently depending on whether the supplied username exists in the syste...

CVE-2026-25085 Copeland XWEB and XWEB Pro Unexpected Status Code or Return Value

A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later on processed as a legitimate value, resulting in an authentication bypass...

CVE-2026-26077

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, several webhook endpoints SendGrid, Mailjet, Mandrill, Postmark, SparkPost in the WebhooksController accepted requests without a valid authentication token when no token was configured. This...

Race condition in the Okta Java SDK

Description In the Okta Java SDK, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. Affected product and versions You may be affected if you meet the...

ROS-20251014-02

A vulnerability in the pamsmauthenticate function of the Yubico pam-u2f PAM module is related to the return of an invalid status code state. Exploitation of the vulnerability could allow an attacker to escalate privileges...

EUVD-2021-2069

Malware in sbrugna...

EUVD-2018-4242

Malware in sbrugna...

EUVD-2018-10828

Malware in sbrugna...

EUVD-2018-12643

Malware in sbrugna...

EUVD-2015-1370

Malware in sbrugna...

EUVD-2013-0610

Malware in sbrugna...

EUVD-2018-0495

Malware in sbrugna...

EUVD-2013-2855

Malware in sbrugna...

EUVD-2004-0063

Malware in sbrugna...

EUVD-2013-2812

Malware in sbrugna...