Apache HTTP Server - Remote Code Execution

Apache HTTP Server 2.4.32 to 2.4.44 contains an info disclosure and possible remote code execution caused by a vulnerability in modproxyuwsgi, letting remote attackers access sensitive information and potentially execute arbitrary code, exploit requires sending crafted requests. id: CVE-2020-1198...

ZyXel USG - Hardcoded Credentials

A hardcoded credential vulnerability was identified in the 'zyfwp' user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP. id: CVE-2020-29583 info: name: ZyXel USG - Hardcoded Credentials autho...

Oracle PeopleSoft PeopleTools PSEMHUB - Pre-Auth Java Deserialization RCE

Oracle PeopleSoft PeopleTools 8.61 and 8.62 contain a remote code execution vulnerability in Updates Environment Management, letting unauthenticated network attackers fully compromise the system, exploit requires network access via HTTP. id: CVE-2026-35273 info: name: Oracle PeopleSoft PeopleTool...

EUVD-2026-39117

ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The...

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

AlmaLinux 8 : libreoffice (ALSA-2026:28922)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:28922 advisory. LibreOffice: LibreOffice: Denial of Service via crafted OOXML documents CVE-2026-4430 Tenable has extracted the preceding description block directly from the...

Photon OS 4.0: Nodejs PHSA-2026-4.0-1041

An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1041. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

PT-2026-52655

Name of the Vulnerable Software and Affected Versions Lemur affected versions not specified Description Passwords are stored in plaintext in the users.password column when a user's password is updated. This occurs because the User model only triggers password hashing during the before insert even...

Security update for perl-Net-Dropbox-API (moderate)

openSUSE Security Update: Security update for perl-Net-Dropbox-API Announcement ID: openSUSE-SU-2026:0217-1 Rating: moderate References: 1240884 Cross-References: CVE-2024-58036 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description:...

Malicious code in leo-cdk-lib (npm)

The leo-cdk-lib npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

DEBIAN-CVE-2026-39894

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

CVE-2026-39894

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

CVE-2026-54530

A flaw was found in pypdf, a pure-python PDF library. An attacker can craft a malicious PDF file that, when processed by a system extracting text in layout mode, can lead to an infinite loop. This vulnerability results in a Denial of Service DoS, making the affected system unresponsive. Mitigatio...

CVE-2026-50128

Mastodon is a free, open-source social network server based on ActivityPub. From 4.3.0 until 4.5.11 and 4.4.18, Mastodon has a feature to let websites credit authors of their articles. To prevent false attribution claims, Mastodon uses the attributionDomains JSON-LD term, however, an error in how...

CVE-2026-7539

Technical details about CVE-2026-7539 are not publicly available in the provided documents. Monitor for updates from HP and CVE records for affected products, affected components, and fixes.

CVE-2026-7539 HP Dock Accessory WMI Provider Installer Security Update

A potential security vulnerability has been identified in the HP Accessory WMI Provider installer for some HP Docking Stations, which might allow escalation of privilege and/or arbitrary code execution. HP is releasing software updates to mitigate the potential vulnerability...

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

Important: Red Hat Security Advisory: perl-IO-Compress security update

An update for perl-IO-Compress is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

Important: Red Hat Security Advisory: perl-IO-Compress security update

An update for perl-IO-Compress is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

EUVD-2026-38902

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix afunix null-ptr-deref in proto update unixstreamconnect sets skstate WRITEONCEsk-skstate, TCPESTABLISHED before it assigns a peer unixpeersk = newsk. skstate == TCPESTABLISHED makes sockmapskstateallowed believe...