22 matches found
PT-2026-36613
Date: May 2, 2026; Status: ACTIVE GLOBAL EXPLOITATION / MASSIVE RCE WAVE; Target: CrushFTP Enterprise Managed File Transfer, all versions prior to 11.1.0; Severity: 10.0 MAXIMUM CRITICAL, Unauthenticated Remote Code Execution / VFS Escape. 1. Analysis: Why "VFS-Shatter" is Today’s Apex Threat. While the...
MiracleLinux 8 : go-toolset:rhel8 (AXSA:2025-9858:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9858:01 advisory. golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints (CVE-2024-45341); golang: net/http: net/http: sensitive header...
EUVD-2010-4357
Malware in sbrugna...
delve and golang security update
An update is available for delve, golang. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Delve is a debugger for the Go programming language. The goal of the...
CVE-2025-54107
CVE-2025-54107 involves the Windows MapUrlToZone component with improper resolution of path equivalence, enabling circumvention of a security feature over a network. The entry lists CVSS 3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N (base 4.3, MEDIUM) and notes a network-exposed vector with no privileg...
go-toolset:rhel8 security update
An update is available for module.go-toolset, golang, module.delve, go-toolset, module.golang, delve. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Go Toolset...
Security update for golang-github-prometheus-alertmanager
This update for golang-github-prometheus-alertmanager fixes the following issues: Security: CVE-2025-22870: Fix proxy bypassing using IPv6 zone IDs (bsc#1238686); CVE-2023-45288: Fix HTTP/2 CONTINUATION flood in net/http (bsc#1236516). Patch Instructions: To install this SUSE update use the SUSE...
Security update for apptainer
This update for apptainer fixes the following issues: CVE-2025-27144: Fixed Denial of Service in Go JOSE's Parsing (bsc#1237679). CVE-2024-45338: Fixed denial of service due to non-linear parsing of case-insensitive content (bsc#1234794). CVE-2024-45337: Fixed Misuse of ServerConfig.PublicKeyCallback m...
Microsoft Internet Explorer 5.0.1 ITS Protocol Zone Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9658/info Microsoft Internet Explorer has been reported prone to a vulnerability that may permit hostile content to be interpreted in the Local Zone. The issue may be exploited via the ITS (InfoTech Storage) Protocol URI...
Microsoft Internet Explorer 5/6 Cached Objects Zone Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6028/info Multiple vulnerabilities have been reported for Microsoft Internet Explorer. These vulnerabilities have been reported to affect Internet Explorer 5.5 to 6.0. Internet Explorer 6.0 with Service Pack 1 and Interne...
Internet Explorer 5/6 file:// Request Zone Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7539/info Internet Explorer is reported to be vulnerable to a zone bypass issue. Allegedly, if Internet Explorer attempts to open a web page containing numerous 'file://' requests each contained in a separate Iframe, the...
MS Internet Explorer (<= XP SP2) HTML Help Control Local Zone Bypass
No description provided by source. // sp2rc.htm // OBJECT id="localpage" type="application/x-oleobject" classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11" height=7% style="position:absolute;top:140;left:72;z-index:100;" codebase="hhctrl.ocxVersion=5,2,3790,1194" width="7%"...
Microsoft Internet Explorer Erroneous IOleClientSite Data Zone Bypass Vulnerability
Description: Microsoft Internet Explorer is prone to a zone-bypass vulnerability because the browser returns erroneous IOleClientSite when dynamically creating an embedded object. This could cause malicious script code to be executed in a security zone with fewer restrictions than the zone that th...
Microsoft Internet Explorer URI Decoding Vulnerability
Description: Microsoft Internet Explorer is prone to a vulnerability related to URI decoding. A bug in how the browser parses encoded URI data may allow zone bypass. As a result, it is possible to force the browser to interpret Web content in the Local Zone. This could be exploited to execute...
Microsoft Internet Explorer (Windows XP SP2) - HTML Help Control Local Zone Bypass
Microsoft Internet Explorer Windows XP SP2 - HTML Help Control Local Zone Bypass // sp2rc.htm // localpage.HHClick; setTimeout"inject.HHClick",100; // writehta.txt // Dim Conn, rs Set Conn = CreateObject"ADODB.Connection" Conn.Open "Driver=Microsoft Text Driver .txt; .csv;" & "Dbq=http://server;"...
Microsoft Internet Explorer (Windows XP SP2) - HTML Help Control Local Zone Bypass
// sp2rc.htm // localpage.HHClick; setTimeout"inject.HHClick",100; // writehta.txt // Dim Conn, rs Set Conn = CreateObject"ADODB.Connection" Conn.Open "Driver=Microsoft Text Driver .txt; .csv;" & "Dbq=http://server;" & "Extensions=asc,csv,tab,txt;" & "Persist Security Info=False" Dim sql sql =...
CVE-2003-1107
The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions...
Microsoft Internet Explorer 6 - Double Slash Cache Zone Bypass
Microsoft Internet Explorer 6 - Double Slash Cache Zone Bypass source: https://www.securityfocus.com/bid/8980/info A vulnerability has been reported in Internet Explorer that may allow cached Internet content to be rendered in the My Computer zone. It is possible to exploit this issue by includin...
CVE-2003-0309
Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause...
Internet Explorer file:// Request Zone Bypass Vulnerability
Description: Internet Explorer is reported to be vulnerable to a zone bypass issue. Allegedly, if Internet Explorer attempts to open a web page containing numerous 'file://' requests each contained in a separate Iframe, the requested file will eventually be executed in the Local Computer zone...