Servers
Server-side vulnerability watch: Linux kernel (netfilter, BPF, io_uring), OpenSSH, cPanel/WHM, Plesk, DirectAdmin, Apache, nginx, Postfix, Dovecot, MySQL, PostgreSQL, Redis. CVEs, distro advisories and urgent fixes.
Servers FreeBSD: a confidentiality flaw to fix quickly
CERT-FR warns of a vulnerability in FreeBSD that could compromise data confidentiality. Patch to be applied quickly.
Read the article
Servers Debian fixes critical Linux kernel flaws to watch
Debian has released DSA-6355-1 to fix several Linux kernel flaws that could lead to privilege escalation, denial of service, or information leakage.
Read the articleFFmpeg fixes PixelSmash, an RCE threatening Jellyfin
FFmpeg fixes PixelSmash, a flaw that could lead to remote code execution on Jellyfin via video decoding. Update recommended.
Read the article
Servers PHP 8.4 fixes several server-side risk vulnerabilities
Debian has released a security fix for PHP 8.4. Several vulnerabilities may affect confidentiality, integrity, and availability.
Read the article
Servers OpenVPN fixes a critical server-side flaw
OpenVPN receives a server-side security fix via Debian. A flaw can expose VPN infrastructures and requires a rapid update.
Read the article
Servers Lantronix EDS5000: critical flaw exploited, CISA warns
CISA is warning about a critically severe flaw being actively exploited in Lantronix EDS5000, with a risk of code execution and device compromise.
Read the article
Servers cURL and libcurl: multiple vulnerabilities to fix on the server side
CERT-FR warns of several vulnerabilities in cURL and libcurl that could cause denial of service, information disclosure, or other security issues.
Read the article
Servers cpp-httplib: HTTP header injection to fix on the server side
A flaw in cpp-httplib allows HTTP header injection via percent-decoding. Exposed C++ servers and tools should be updated.
Read the article
Servers xrdp fixes critical remote pre-auth flaws
xrdp fixes several pre-authentication flaws that could lead to code execution or denial of service on Linux servers exposed over RDP.
Read the article
Servers Bad Epoll: CVE-2026-46242 gives root on Linux
The Linux flaw CVE-2026-46242 allows a local unprivileged user to obtain root privileges on Linux servers and Android devices.
Read the article
Servers Tenable Nessus: SQLi flaws to fix without delay
CERT-FR warns of several vulnerabilities in Tenable Nessus, including SQL injections that could compromise the platform’s integrity.
Read the article
Servers Linux: CVE-2026-46331 opens the way to local root
The CVE-2026-46331 flaw in the Linux kernel allows an unprivileged local user to obtain root privileges on affected systems.
Read the article
Servers nghttp2/nghttpx: an HTTP/1.1 flaw can bring down the proxy
A flaw in nghttp2/nghttpx allows a remote attacker to cause a denial of service via improperly handled HTTP/1.1 Upgrade requests.
Read the article
Servers LoadMaster: Critical pre-auth root RCE to patch urgently
A critical flaw in Progress Kemp LoadMaster could allow unauthenticated root command execution on the appliance.
Read the article
Servers Citrix NetScaler fixes 6 critical flaws in ADC and Gateway
Citrix has released fixes for six flaws in NetScaler ADC and Gateway, including file read and denial-of-service issues on exposed appliances.
Read the article
Servers Argo CD: an unpatched flaw threatens Kubernetes clusters
An unpatched flaw in the Argo CD repo-server could let an unauthenticated attacker compromise Kubernetes clusters.
Read the article