74 matches found
CVE-2026-59151
Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token, and the ACS finish logic in api/src/backend/api/v1/views.py recalculated the tenant from...
CVE-2026-59151 Prowler: SAML Domain Claiming Enables Cross-Tenant Account Takeover
Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token, and the ACS finish logic in api/src/backend/api/v1/views.py recalculated the tenant from...
Debian dla-4608 : corosync - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4608 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4608-1 [email protected]...
RockyLinux 9 : fence-agents (RLSA-2026:19355)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19355 advisory. cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves CVE-2026-26007 pyjwt: PyJWT accepts unknown crit header...
Astra Linux – Vulnerability in libxmltok
In libexpat before version 2.2.8, crafted XML inputs could trick the parser into switching from DTD parsing to document parsing too early. A consecutive call to XMLGetCurrentLineNumber or XMLGetCurrentColumnNumber would then lead to a heap-based buffer overflow...
USN-8170-1 corosync vulnerabilities
It was discovered that Corosync incorrectly handled the membership commit token validity check. A remote attacker could use this issue to cause Corosync to crash, resulting in a denial of service, or to possibly obtain a small quantity of sensitive information. CVE-2026-35091 It was discovered th...
CVE-2026-3475
The Instant Popup Builder plugin for WordPress is vulnerable to Unauthenticated Arbitrary Shortcode Execution in all versions up to and including 1.1.7. This is due to the handleemailverificationpage function constructing a shortcode string from user-supplied GET parameters token, email and passi...
EUVD-2018-4066
Malware in sbrugna...
EUVD-2020-28904
Malware in sbrugna...
EUVD-2013-0016
Malware in sbrugna...
EUVD-2018-13552
Malware in sbrugna...
EUVD-2020-3139
Malware in sbrugna...
EUVD-2013-3451
Malware in sbrugna...
EUVD-2019-6158
Malware in sbrugna...
EUVD-2019-13478
Malware in sbrugna...
EUVD-2020-29443
Malware in sbrugna...
EUVD-2018-5842
Malware in sbrugna...
EUVD-2021-2067
Malware in sbrugna...
EUVD-2016-3147
Malware in sbrugna...
EUVD-2018-5479
Malware in sbrugna...