CVE-2026-48700

PCManFM-Qt (all versions starting from 1.1.0) is affected by an issue where passing a regular file’s path as a URI in the org.freedesktop.FileManager1.ShowFolders D-Bus call causes PCManFM-Qt to launch another program based on the file type without user confirmation. This could enable code execut...

Astra Linux - уязвимость в apache2

A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

PT-2026-26674

CVE-2025-55988 An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path. https://t.co/bR1dLDXebx...

MiracleLinux 8 : java-11-openjdk-11.0.19.0.7-1.el8 (AXSA:2023-5306:08)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5306:08 advisory. OpenJDK: improper connection handling during TLS handshake 8294474 CVE-2023-21930 OpenJDK: Swing HTML parsing issue 8296832 CVE-2023-21939 OpenJDK:...

MiracleLinux 8 : java-1.8.0-openjdk-1.8.0.272.b10-1.el8 (AXSA:2020-816:16)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-816:16 advisory. OpenJDK: Credentials sent over unencrypted LDAP connection JNDI, 8237990 CVE-2020-14781 OpenJDK: Certificate blacklist bypass via alternate certifica...

MiracleLinux 8 : java-17-openjdk-17.0.8.0.7-2.el8 (AXSA:2023-6263:12)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6263:12 advisory. OpenJDK: ZIP file parsing infinite loop 8302483 CVE-2023-22036 OpenJDK: weakness in AES implementation 8308682 CVE-2023-22041 OpenJDK: improper...

MiracleLinux 7 : httpd-2.4.6-97.1.0.1.el7.AXS7 (AXSA:2021-2480:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2480:01 advisory. httpd: modproxy: SSRF via a crafted request uri-path containing unix: CVE-2021-40438 Tenable has extracted the preceding description block directly from the...

MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.382.b05-1.el7 (AXSA:2023-6248:13)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6248:13 advisory. OpenJDK: improper handling of slash characters in URI-to-path conversion 8305312 CVE-2023-22049 OpenJDK: array indexing integer overflow issue 83044...

MiracleLinux 7 : java-11-openjdk-11.0.9.11-0.el7 (AXSA:2020-867:10)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-867:10 advisory. OpenJDK: Credentials sent over unencrypted LDAP connection JNDI, 8237990 CVE-2020-14781 OpenJDK: Certificate blacklist bypass via alternate certifica...

MiracleLinux 9 : java-11-openjdk-11.0.19.0.7-1.el9 (AXSA:2023-5305:07)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5305:07 advisory. OpenJDK: improper connection handling during TLS handshake 8294474 CVE-2023-21930 OpenJDK: Swing HTML parsing issue 8296832 CVE-2023-21939 OpenJDK:...

MiracleLinux 9 : java-17-openjdk-17.0.7.0.7-1.el9 (AXSA:2023-5309:06)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5309:06 advisory. OpenJDK: improper connection handling during TLS handshake 8294474 CVE-2023-21930 OpenJDK: Swing HTML parsing issue 8296832 CVE-2023-21939 OpenJDK:...

MiracleLinux 7 : httpd24-httpd-2.4.34-22.el7.1 (AXSA:2021-2460:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2460:01 advisory. httpd: modproxy: SSRF via a crafted request uri-path containing unix: CVE-2021-40438 Tenable has extracted the preceding description block directly from the...

EUVD-2007-6283

Malware in sbrugna...

EUVD-2019-3753

Malware in sbrugna...

CVE-2025-34036

An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When th...

CVE-2024-11136

The default TCL Camera application exposes a provider vulnerable to path traversal vulnerability. Malicious application can supply malicious URI path and delete arbitrary files from user’s external storage...

CVE-2025-46689

CVE-2025-46689 affects Ververica Platform 2.14.0 with a Reflected XSS vulnerability exposed via the URI path namespaces/default/formats . The issue involves user-controlled input in that path, allowing an attacker to trigger script execution in a victim’s browser when the vulnerable page is loade...

haproxy security update

1.8.27-5.1 - Reject '' as part of URI path component CVE-2023-45539, RHEL-18168...

BIT-PYTHON-2021-28861

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states...

CVE-2023-51651

AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK f...