855 matches found
EUVD-2026-43085
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0....
Linux Distros Unpatched Vulnerability : CVE-2026-45097
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - fastdds - None Ubuntu Linux - Unknown description CVE-2026-45097 Note that Nessus relies on the presence of the package as reported by the vendor...
Linux Distros Unpatched Vulnerability : CVE-2026-45094
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - fastdds - None Ubuntu Linux - Unknown description CVE-2026-45094 Note that Nessus relies on the presence of the package as reported by the vendor...
EUVD-2026-41463
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially crafted CLI command. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4Update1, 12.0 up to and including 12.12 and 2025....
CVE-2026-13053
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially crafted CLI command. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4Update1, 12.0 up to and including 12.12 and 2025....
CVE-2026-13053
WatchGuard Fireware OS has an authenticated out-of-bounds write vulnerability in the CLI command handler (CVE-2026-13053). A privileged, authenticated attacker could trigger code execution via a crafted CLI input. Affected versions include Fireware OS 11.0–11.12.4_Update1, 12.0–12.12, and 2025.1–...
PT-2026-55336
Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.0 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2025.6.2 Description An issue exists in the backup/restore feature where firmware...
CVE-2026-55957
CVE-2026-55957 describes an authentication bypass in Apache Tomcat when JNDIRealm is configured to authenticate binds using GSSAPI, allowing attackers to authenticate without the correct password. Affected releases include Tomcat 11.0.0-M1–11.0.4, 10.1.0-M1–10.1.36, 9.0.0.M1–9.0.100, 8.5.0–8.5.10...
CVE-2026-13490 glpi-project glpi Document document.send.php canViewFile authorization
A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be...
CVE-2026-12789
The CVE concerns ILIAS Learning Management System 11.0. The vulnerability affects the function ilTrQuery::executeQueries (file: components/ILIAS/Tracking/classes/class.ilTrQuery.php) in the Learning Progress Tracking component. The issue arises from manipulation of the troup_table_nav argument, l...
EUVD-2026-37831
A critical remote code execution RCE vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This advisory also applies to all CPS versions The identified vulnerability also impacts Windchill and...
Linux Distros Unpatched Vulnerability : CVE-2025-55642
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GPAC MP4Box v2.4 was discovered to contain a floating point exception in the avidmxprocess function isomedia/isomwrite.c. CVE-2025-55642 Note that Nessus relies...
PT-2026-48409
Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username parameters in...
Medium: mariadb1011
Issue Overview: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...
Linux Distros Unpatched Vulnerability : CVE-2026-48104
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain an uninitialized heap read in the SquashFS archive handler caused by...
Astra Linux – Vulnerability in glusterfs
In Gluster GlusterFS 11.0, there is a stack-based buffer over-read issue in xlators/mount/fuse/src/fuse-bridge.c...
Linux Distros Unpatched Vulnerability : CVE-2026-45698
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - netatalk - None Ubuntu Linux - security update CVE-2026-45698 Note that Nessus relies on the presence of the package as reported by the vendor...
Linux Distros Unpatched Vulnerability : CVE-2026-44060
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer underflow in dsiwriteinit in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI wri...
GHSA-FV25-8XCX-GQJC Apache Tomcat - WebSocket authentication header exposure
Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.2 to 9.0.117 Older, unsupported versions may also be affected Description: If a WebSocket request was redirected after authentication, Tomcat's WebSocket client would present the most recent...
Security Bulletin: A security vulnerability have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase [CVE-2026-1188]
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...