23224 matches found
Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3340 (ALAS-2026-3340)
The version of thunderbird installed on the remote host is prior to 140.11.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3340 advisory. Three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming th...
Amazon Linux 2 : perl-Crypt-PasswdMD5, --advisory ALAS2-2026-3343 (ALAS-2026-3343)
The version of perl-Crypt-PasswdMD5 installed on the remote host is prior to 1.3-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3343 advisory. Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function ...
Amazon Linux 2 : perl, --advisory ALAS2-2026-3352 (ALAS-2026-3352)
The version of perl installed on the remote host is prior to 5.16.3-299. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3352 advisory. Buffer overflow in Perlstudychunk CVE-2026-8376 Tenable has extracted the preceding description block directly from the tested...
Amazon Linux 2 : capstone, --advisory ALAS2-2026-3351 (ALAS-2026-3351)
The version of capstone installed on the remote host is prior to 3.0.5-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3351 advisory. Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStreamconcat lets a...
Amazon Linux 2 : postgresql, --advisory ALAS2POSTGRESQL14-2026-024 (ALASPOSTGRESQL14-2026-024)
The version of postgresql installed on the remote host is prior to 14.23-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL14-2026-024 advisory. Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use...
Amazon Linux 2 : ecs-init, --advisory ALAS2ECS-2026-120 (ALASECS-2026-120)
The version of ecs-init installed on the remote host is prior to 1.103.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-120 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory an...
Amazon Linux 2 : nerdctl, --advisory ALAS2-2026-3334 (ALAS-2026-3334)
The version of nerdctl installed on the remote host is prior to 2.2.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3334 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing...
Exploit for CVE-2026-42926
CVE-2026-42926 NGINX HTTP/2 Frame Injection Lab A controlled...
RHEL 10 : mod_http2 (RHSA-2026:22528)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:22528 advisory. The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: Apache HTTP...
Debian dsa-6323 : apache2 - security update
The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6323 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6323-1 [email protected] https://www.debian.org/security/...
CVE-2026-42474
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...
CVE-2025-54518
A flaw was found in AMD Zen 2-based processors, affecting components such as the kernel and Xen hypervisor. Improper isolation of shared resources within the CPU operation cache could allow an attacker to corrupt instructions executed at a different privilege level. This could potentially result ...
CVE-2026-6395
The Word 2 Cash plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in versions up to and including 0.9.2. This is due to the complete absence of nonce verification on the settings save handler in the w2cadmin function, combined with missing inp...
CVE-2026-46685
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, when RUSTFSCORSALLOWEDORIGINS is unset, the RustFS S3 listener's ConditionalCorsLayer reflects any request Origin value back as Access-Control-Allow-Origin and also sets Access-Control-Allow-Credentials: true and...
CVE-2026-45044
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any unauthenticated HTTP client to invoke profiling handlers without credentials. On supported builds...
CVE-2026-45042
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper authorization in the UploadPartCopy operation allows copying objects across buckets without enforcing destination bucket restrictions on allowed copy sources. The implementation validates GetObject...
CVE-2026-44237
FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid clientid is required. The validateClient method in ClientRepository.php unconditionally returns true,...
CVE-2026-41526 affecting package kf-kcoreaddons for versions less than 5.249.0-2
CVE-2026-41526 affecting package kf-kcoreaddons for versions less than 5.249.0-2. A patched version of the package is available...
CVE-2026-39882 affecting package containerd2 for versions less than 2.2.4-2
CVE-2026-39882 affecting package containerd2 for versions less than 2.2.4-2. A patched version of the package is available...
CVE-2026-33814 affecting package containerd2 for versions less than 2.2.4-2
CVE-2026-33814 affecting package containerd2 for versions less than 2.2.4-2. A patched version of the package is available...