1059 matches found
CVE-2026-27651
When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the Auth-Wait...
CVE-2026-27651 NGINX ngx_mail_auth_http_module vulnerability
When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the Auth-Wait...
CVE-2026-27651
When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the Auth-Wait...
CVE-2026-27651 NGINX ngx_mail_auth_http_module vulnerability
When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the Auth-Wait...
K000160383: NGINX ngx_mail_auth_http_module vulnerability CVE-2026-27651
Security Advisory Description When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by...
Linux Distros Unpatched Vulnerability : CVE-2026-27651
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue ma...
PT-2026-27429
Name of the Vulnerable Software and Affected Versions NGINX Open Source affected versions not specified NGINX Plus affected versions not specified Description When the ngx mail auth http module module is enabled, certain undisclosed requests can lead to the termination of worker processes. This...
PT-2026-27629
Name of the Vulnerable Software and Affected Versions PinchTab versions 0.8.3 through 0.8.5 Description PinchTab versions 0.8.3 through 0.8.5 contain a security bypass that allows arbitrary JavaScript execution through the POST /wait and POST /tabs/id/wait API endpoints when using fn mode, even i...
Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
Google on Thursday announced a new "advanced flow" for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety. The new changes come against the backdrop of a developer verification mandate the tech...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the dvbdvropen function incorrectly reinitializing the circular buffer in the wait queue,...
CVE-2026-28462
OpenClaw versions prior to 2026.2.13 contain a vulnerability in the browser control API in which it accepts user-supplied output paths for trace and download files without consistently constraining writes to temporary directories. Attackers with API access can exploit path traversal in POST...
CVE-2026-28462
OpenClaw versions prior to 2026.2.13 contain a vulnerability in the browser control API in which it accepts user-supplied output paths for trace and download files without consistently constraining writes to temporary directories. Attackers with API access can exploit path traversal in POST...
EUVD-2026-9908
OpenClaw versions prior to 2026.2.13 contain a vulnerability in the browser control API in which it accepts user-supplied output paths for trace and download files without consistently constraining writes to temporary directories. Attackers with API access can exploit path traversal in POST...
CVE-2026-28462 OpenClaw < 2026.2.13 - Path Traversal in Trace and Download Output Paths
OpenClaw versions prior to 2026.2.13 contain a vulnerability in the browser control API in which it accepts user-supplied output paths for trace and download files without consistently constraining writes to temporary directories. Attackers with API access can exploit path traversal in POST...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005745)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005745 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: check send stream number after waitforsndbuf This patch fixes a corner case where the asoc...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005805)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005805 advisory. In the Linux kernel, the following vulnerability has been resolved: media: platform: exynos4-is: Add hardware sync wait to fimcishwchangemode In fimcishwchangemode,...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005580)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005580 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: check send stream number after waitforsndbuf This patch fixes a corner case where the asoc...
CVE-2026-27578
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by the n8n application using different techniques on various nodes Form Trigger...
CVE-2026-27578
Summary of CVE-2026-27578 (n8n): An authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by n8n across multiple nodes (Form Trigger, Chat Trigger, Send & Wait, Webhook, Chat Node). This leads to client-side script execution in other u...
CVE-2026-27578 n8n Vulnerable to Stored XSS via Various Nodes
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by the n8n application using different techniques on various nodes Form Trigger...