Amazon Linux 2023 : python3-unbound, unbound, unbound-anchor (ALAS2023-2026-1756)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1756 advisory. NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep...
OPENSUSE-SU-2026:10755-1 opa-1.16.2-1.1 on GA media
These are all security issues fixed in the opa-1.16.2-1.1 package on the GA media of openSUSE Tumbleweed...
Astra Linux - vulnerability in unbound
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the...
Slackware Linux 15.0 / current tigervnc Multiple Vulnerabilities (SSA:2026-108-01)
The version of tigervnc installed on the remote host is prior to 1.16.2. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-108-01 advisory. New tigervnc packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the APICall feature. An attacker can access sensitive internal resources and exfiltrate confidential data by supplying arbitrary URLs to the APICall feature, which are executed with elevated privilege...
EUVD-2026-16468
In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions...
Slackware Linux 15.0 / current tigervnc Vulnerability (SSA:2026-085-01)
The version of tigervnc installed on the remote host is prior to 1.16.2. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-085-01 advisory. New tigervnc packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...
PT-2026-28618
Name of the Vulnerable Software and Affected Versions: TigerVNC versions prior to 1.16.2. Description: The software contains a flaw in the Image.cxx file within the x0vncserver component. Incorrect permissions allow other users to potentially observe or manipulate the screen content, or cause the...
CLEANSTART-2025-OB44035 Security fixes for CVE-2025-61729, GHSA-f6x5-jh6r-wrfv, GHSA-j5w8-q4qc-rx2x applied in versions: 1.16.2-r2
Multiple security vulnerabilities affect the velero-fips package. These issues are resolved in later releases. See references for individual CVE and GHSA details...
MiracleLinux 9 : unbound-1.16.2-18.el9_6 (AXSA:2025-10520:03)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10520:03 advisory. unbound: Unbounded name compression could lead to Denial of Service (CVE-2024-8508). Tenable has extracted the preceding description block directly from the...
Incorrect Privilege Assignment
Overview: Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the processing of ArgoCD Custom Resources. A namespace admin can gain elevated privileges and execute arbitrary workloads with root access on master nodes by crafting malicious custom resources after...
EUVD-2021-34105
Malicious code in bioql PyPI...
EUVD-2023-51941
Malicious code in bioql PyPI...
EUVD-2022-53220
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-49297
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Unsafe YAML deserialization will result in...
Linux Distros Unpatched Vulnerability : CVE-2020-5259
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In affected versions of dojox NPM package, the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties...
Linux Distros Unpatched Vulnerability : CVE-2022-30698
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the ghost domain names attack. The vulnerability works by targeting an...
CVE-2025-54422 Sandboxie exposes encrypted sandbox key during password change
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passwords are transmitted via shared memory,...
CVE-2023-22427
Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script...