Linux Distros Unpatched Vulnerability : CVE-2026-47331

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race...

RockyLinux 9 : systemd (RLSA-2026:19213)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19213 advisory. systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data CVE-2026-29111 Tenable has extracted the preceding description blo...

RockyLinux 10 : systemd (RLSA-2026:19068)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19068 advisory. systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data CVE-2026-29111 Tenable has extracted the preceding description...

CVE-2022-4991

Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an...

CVE-2026-44709

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, pamusb-pinentry reads the PINENTRYFALLBACKAPP environment variable and executes it directly without any validation. Any process that can set environment variables before pamusb-pinentry is invoked ca...

CVE-2021-4481

CVE-2021-4481 involves Dräger Protector Software, prior to version 6.4.2, which has a local privilege escalation vulnerability caused by insecure file system permissions. According to the connected records, this allows local attackers to replace binaries or loaded modules on the host and execute ...

CVE-2021-4480 Dräger Protector Software Local Privilege Escalation via Insecure File Permissions

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...

CVE-2026-34993

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...

RLSA-2026:19213 Moderate: systemd security update

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...

systemd security update

An update is available for systemd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The systemd packages contain systemd, a system and service manager for Linux,...

Important: Red Hat Security Advisory: Red Hat Data Grid 8.6.1 security update

An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

lodash: lodash: Arbitrary code execution via untrusted input in template imports

A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. Additionally, .template uses assignInWith to merge imports, whi...

USN-8372-1: age vulnerability

It was discovered that age did not properly validate plugin names. An attacker could possibly use this issue to cause execution of an arbitrary program by supplying a crafted recipient or identity string...

USN-8366-1 luanti vulnerabilities

It was discovered that Luanti, when using LuaJIT, did not properly enforce Lua sandbox restrictions. An attacker could possibly use this issue to execute arbitrary code. CVE-2026-40959 It was discovered that Luanti did not properly restrict access to insecure environments. An attacker could...

USN-8130-2: GStreamer Base Plugins vulnerability

USN-8130-1 fixed a vulnerability in GStreamer Base Plugins. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that GStreamer Base Plugins incorrectly handled certain AVI media files. A remote attacker could use th...

org.apache.camel/camel-infinispan: Apache Camel camel-infinispan: Arbitrary code execution via deserialization of untrusted data

A flaw was found in the camel-infinispan component of Apache Camel. A remote attacker, with the ability to write to the Infinispan cache, can inject a specially crafted serialized Java object. When this object is deserialized during normal aggregation repository operations, it can lead to arbitra...

CVE-2025-53345 WordPress Thim Core plugin <= 2.3.3 - Arbitrary Plugin Installation vulnerability

Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3...

CVE-2025-53345

CVE-2025-53345: A Missing Authorization flaw in ThimPress Thim Core (WordPress plugin) allows arbitrary code execution when a malicious vulnerable plugin is installed, affecting Thim Core up to version 2.3.3. CVSS v3.1 metrics indicate Network attack vector, Low attack complexity, Privileges Requ...

USN-8362-1: XZ Utils vulnerability

It was discovered that XZ Utils did not properly manage memory when attempting to append data to a decoded index that contained no records. An attacker could possibly use this issue to cause XZ Utils to crash, resulting in a denial of service, or execute arbitrary code...

USN-8362-1 xz-utils vulnerability

It was discovered that XZ Utils did not properly manage memory when attempting to append data to a decoded index that contained no records. An attacker could possibly use this issue to cause XZ Utils to crash, resulting in a denial of service, or execute arbitrary code...