Skip to main content
FailleWeb — Your daily watch on web application security
FailleWeb Web security flaws, every day
CVE WordPress Frameworks Browsers Servers Best practices
Category · 16 articles

Servers

Server-side vulnerability watch: Linux kernel (netfilter, BPF, io_uring), OpenSSH, cPanel/WHM, Plesk, DirectAdmin, Apache, nginx, Postfix, Dovecot, MySQL, PostgreSQL, Redis. CVEs, distro advisories and urgent fixes.

FreeBSD: a confidentiality flaw to fix quickly Servers
6 juillet 2026 ·CERT-FR · 4 min

FreeBSD: a confidentiality flaw to fix quickly

CERT-FR warns of a vulnerability in FreeBSD that could compromise data confidentiality. Patch to be applied quickly.

Read the article
Debian fixes critical Linux kernel flaws to watch Servers
22 juin 2026 ·Debian Security Advisories · 4 min

Debian fixes critical Linux kernel flaws to watch

Debian has released DSA-6355-1 to fix several Linux kernel flaws that could lead to privilege escalation, denial of service, or information leakage.

Read the article
FFmpeg fixes PixelSmash, an RCE threatening Jellyfin Servers
23 juin 2026 ·BleepingComputer · 4 min

FFmpeg fixes PixelSmash, an RCE threatening Jellyfin

FFmpeg fixes PixelSmash, a flaw that could lead to remote code execution on Jellyfin via video decoding. Update recommended.

Read the article
PHP 8.4 fixes several server-side risk vulnerabilities Servers
5 juillet 2026 ·Debian Security Advisories · 4 min

PHP 8.4 fixes several server-side risk vulnerabilities

Debian has released a security fix for PHP 8.4. Several vulnerabilities may affect confidentiality, integrity, and availability.

Read the article
OpenVPN fixes a critical server-side flaw Servers
5 juillet 2026 ·Debian Security Advisories · 4 min

OpenVPN fixes a critical server-side flaw

OpenVPN receives a server-side security fix via Debian. A flaw can expose VPN infrastructures and requires a rapid update.

Read the article
Lantronix EDS5000: critical flaw exploited, CISA warns Servers
25 juin 2026 ·The Hacker News · 4 min

Lantronix EDS5000: critical flaw exploited, CISA warns

CISA is warning about a critically severe flaw being actively exploited in Lantronix EDS5000, with a risk of code execution and device compromise.

Read the article
cURL and libcurl: multiple vulnerabilities to fix on the server side Servers
25 juin 2026 ·CERT-FR · 4 min

cURL and libcurl: multiple vulnerabilities to fix on the server side

CERT-FR warns of several vulnerabilities in cURL and libcurl that could cause denial of service, information disclosure, or other security issues.

Read the article
cpp-httplib: HTTP header injection to fix on the server side Servers
26 juin 2026 ·Ubuntu Security Notices · 4 min

cpp-httplib: HTTP header injection to fix on the server side

A flaw in cpp-httplib allows HTTP header injection via percent-decoding. Exposed C++ servers and tools should be updated.

Read the article
xrdp fixes critical remote pre-auth flaws Servers
26 juin 2026 ·Ubuntu Security Notices · 4 min

xrdp fixes critical remote pre-auth flaws

xrdp fixes several pre-authentication flaws that could lead to code execution or denial of service on Linux servers exposed over RDP.

Read the article
Bad Epoll: CVE-2026-46242 gives root on Linux Servers
4 juillet 2026 ·The Hacker News · 4 min

Bad Epoll: CVE-2026-46242 gives root on Linux

The Linux flaw CVE-2026-46242 allows a local unprivileged user to obtain root privileges on Linux servers and Android devices.

Read the article
Tenable Nessus: SQLi flaws to fix without delay Servers
27 juin 2026 ·CERT-FR · 4 min

Tenable Nessus: SQLi flaws to fix without delay

CERT-FR warns of several vulnerabilities in Tenable Nessus, including SQL injections that could compromise the platform’s integrity.

Read the article
Linux: CVE-2026-46331 opens the way to local root Servers
28 juin 2026 ·The Hacker News · 4 min

Linux: CVE-2026-46331 opens the way to local root

The CVE-2026-46331 flaw in the Linux kernel allows an unprivileged local user to obtain root privileges on affected systems.

Read the article
nghttp2/nghttpx: an HTTP/1.1 flaw can bring down the proxy Servers
3 juillet 2026 ·Ubuntu Security Notices · 4 min

nghttp2/nghttpx: an HTTP/1.1 flaw can bring down the proxy

A flaw in nghttp2/nghttpx allows a remote attacker to cause a denial of service via improperly handled HTTP/1.1 Upgrade requests.

Read the article
LoadMaster: Critical pre-auth root RCE to patch urgently Servers
30 juin 2026 ·The Hacker News · 4 min

LoadMaster: Critical pre-auth root RCE to patch urgently

A critical flaw in Progress Kemp LoadMaster could allow unauthenticated root command execution on the appliance.

Read the article
Citrix NetScaler fixes 6 critical flaws in ADC and Gateway Servers
1 juillet 2026 ·The Hacker News · 4 min

Citrix NetScaler fixes 6 critical flaws in ADC and Gateway

Citrix has released fixes for six flaws in NetScaler ADC and Gateway, including file read and denial-of-service issues on exposed appliances.

Read the article
Argo CD: an unpatched flaw threatens Kubernetes clusters Servers
July 2, 2026 ·The Hacker News · 6 min

Argo CD: an unpatched flaw threatens Kubernetes clusters

An unpatched flaw in the Argo CD repo-server could let an unauthenticated attacker compromise Kubernetes clusters.

Read the article