CVE-2026-53692
Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials...
Exploit for CVE-2026-31694
FUSE readdir cache out-of-bounds write PoC Local proof of con...
CVE-2026-53692 Weak hashing algorithm in Redeight CMS
Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in netty-handler-4.1.133.Final.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in netty-handler-4.1.133.Final.jar Vulnerability Details CVEID:CVE-2026-50010 DESCRIPTION: Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final,...
Exploit for Use After Free in Google Android
Root Sonim XP3800 Root access for the Sonim XP3800 XP3plus...
Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.5.0 Vulnerability Details CVEID:CVE-2026-33871 DESCRIPTION: Netty is an asynchronous, event-driven network application...
Security Bulletin: Maximo AI Service uses multiple third party dependencies which are vulnerable to multiple CVEs.
Summary Maximo AI Service uses pdfminersix-20251107-py3-none-any.whl, requests-2.32.5-py3-none-any.whl, langchaincore-0.3.81-py3-none-any.whl, pythondotenv-1.0.1-py3-none-any.whl, langchaintextsplitters-0.3.11-py3-none-any.whl, qs-6.15.1.tgz, idna-3.10-py3-none-any.whl, idna-3.14-py3-none-any.whl...
Security Bulletin: Maximo AI Service uses multiple third party dependencies which are vulnerable to multiple CVEs.
Summary Maximo AI Service uses accelerate-1.6.0-py3-none-any.whl, protobuf-4.25.8-cp37-abi3-manylinux2014x8664.whl, pillow-10.3.0-cp311-cp311-manylinux228x8664.whl, langchain-0.3.23-py3-none-any.whl, nltk-3.9.1-py3-none-any.whl, langchaincore-0.3.81-py3-none-any.whl,...
Security Bulletin: IBM Maximo Application Suite uses urllib3-2.6.3-py3-none-any.whl which is vulnerable to CVE-2026-44431 and CVE-2026-44432.
Summary IBM Maximo Application Suite uses urllib3-2.6.3-py3-none-any.whl which is vulnerable to CVE-2026-44431 and CVE-2026-44432. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-44431 DESCRIPTION: urllib3 is an HTTP client...
Huawei Firewall - Local File Inclusion
USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gai...
Companion Sitemap Generator < 4.5.3 - Cross-Site Scripting
The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2023-1780 info: name: Companion Sitemap Generator 4.5.3 - Cross-Site Scripting author:...
Exploit for Prototype Pollution in N8N
CVE-2026-44789 — n8n HTTP Request Node Pagination Prototype Po...
SUSE CVE-2026-47778
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a structural flaw was identified in DefaultCertValidator::verifySubjectAltName where the extracted DNS SAN string is cast to a C-style string using .c_str() before bei...
SUSE CVE-2026-58055
nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...
EUVD-2026-40234
Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowing acceptance of HS384 and HS512 tokens alongside HS256. Attackers possessing the jwtSecret can mint tokens with non-standard HMAC variants to bypass...
PT-2026-53758
NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFE NO PROTOCOL RE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decode...
Security update for python-paramiko (moderate)
openSUSE security update: security update for python-paramiko. Announcement ID: openSUSE-SU-2026:21127-1; Rating: moderate; References: bsc1264225; Cross-References: CVE-2026-44405; CVSS scores: CVE-2026-44405 SUSE : 4.8...
Security update for perl-Cpanel-JSON-XS (critical)
openSUSE security update: security update for perl-cpanel-json-xs. Announcement ID: openSUSE-SU-2026:21140-1; Rating: critical; References: bsc1249331 bsc1267546 bsc1267547; Cross-References: CVE-2025-40929 CVE-2026-9334 CVE-2026-9516; CVSS...
Security update for python-PyJWT (important)
openSUSE security update: security update for python-pyjwt. Announcement ID: openSUSE-SU-2026:21095-1; Rating: important; References: bsc1266798 bsc1266799 bsc1266800 bsc1266801 bsc1266802; Cross-References: CVE-2026-48522 CVE-2026-48523...