Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the SFTP authentication process when the server is configured with an empty username and a password using the -b ':pass' flag together with -sftp. An attacker can gain unauthorized access...

GHSA-XHJ4-VRGC-HR34 actix-http has HTTP/1.1 CL.TE Request Smuggling

A vulnerability in actix-http's HTTP/1.1 request parser allows an unauthenticated remote client to smuggle requests in deployments where a front-end HTTP intermediary and the Actix backend disagree about whether Content-Length or Transfer-Encoding: chunked defines the request body length. Severit...

actix-http has HTTP/1.1 CL.TE Request Smuggling

A vulnerability in actix-http's HTTP/1.1 request parser allows an unauthenticated remote client to smuggle requests in deployments where a front-end HTTP intermediary and the Actix backend disagree about whether Content-Length or Transfer-Encoding: chunked defines the request body length. Severit...

OPENSUSE-SU-2026:20603-1 Security update for ignition

This update for ignition fixes the following issue: - CVE-2026-33186: Fixed an authorization bypass due to improper validation of the HTTP/2: path pseudo-header bsc1260251...

CVE-2026-33600 Null pointer dereference in RPZ transfer

An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service...

CVE-2026-33600 Null pointer dereference in RPZ transfer

An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service...

WordPress Sendmachine for WordPress plugin <= 1.0.20 - Unauthenticated SMTP Hijack to Privilege Escalation vulnerability

Unauthenticated SMTP Hijack to Privilege Escalation vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Sendmachine for WordPress versions = 1.0.20...

freerdp: FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb

A heap buffer use after free has been discovered in FreeRDP. Asynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urbwritecompletion...

[SECURITY] Fedora 43 Update: curl-8.15.0-6.fc43

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

freerdp: FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb

A heap buffer use after free has been discovered in FreeRDP. Asynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urbwritecompletion...

CVE-2026-41136

free5GC AMF provides Access & Mobility Management Function AMF for free5GC, an an open-source project for 5th generation 5G mobile core networks. Prior to version 1.4.3, the HTTPUEContextTransfer handler in internal/sbi/apicommunication.go does not include a default case in the Content-Type switc...

TL-RL-FusionNet: An Adaptive and Efficient Reinforcement Learning-Driven Transfer Learning Framework for Detecting Evolving Ransomware Threats

Modern ransomware exhibits polymorphic and evasive behaviors by frequently modifying execution patterns to evade detection. This dynamic nature disrupts feature spaces and limits the effectiveness of static or predefined models. To address this challenge, we propose TL-RL-FusionNet, a reinforceme...

Linux Distros Unpatched Vulnerability : CVE-2026-32147

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user t...

CVE-2026-41136 free5GC AMF missing default case in Content-Type switch in HTTPUEContextTransfer

free5GC AMF provides Access & Mobility Management Function AMF for free5GC, an an open-source project for 5th generation 5G mobile core networks. Prior to version 1.4.3, the HTTPUEContextTransfer handler in internal/sbi/apicommunication.go does not include a default case in the Content-Type switc...

EUVD-2026-24389

Vulnerability in the PeopleSoft Enterprise FIN Contracts product of Oracle PeopleSoft component: Contracts. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Contracts...

CVE-2026-35231

Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial Services Applications component: User Interface. The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2026-34320

Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications component: User Interface. The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2026-34301

Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft component: Work Order Management. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft...

CVE-2026-34291

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. While...

CVE-2026-40884

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started with -b ':pass' together with -sftp, goshs accepts that configuration but does not install any SFTP...