1172 matches found
TinaCMS - Path Traversal
TinaCMS CLI 2.1.8 contains a file system read vulnerability caused by a disabled Vite server.fs.strict setting, letting unauthenticated attackers read arbitrary files on the host system; exploitation requires access to the dev server. id: CVE-2026-29066 info: name: TinaCMS - Path Traversal author:...
ROOT-OS-UBUNTU-2204-CVE-2026-45956 CVE-2026-45956 in rootio-linux - Patched by Root
Root has patched CVE-2026-45956 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2026-43309 CVE-2026-43309 in rootio-linux - Patched by Root
Root has patched CVE-2026-43309 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
CVE-2026-56025
Unauthenticated Broken Access Control in Paymob for WooCommerce = 4.1.2 versions...
CVE-2026-9699 Mattermost Agents plugin logs unsanitized OpenAI API keys on authentication errors
Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...
DEBIAN-CVE-2026-48618
A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...
DEBIAN-CVE-2026-53236
In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SO_ATTACH_FILTER to priv users This patch restricts the use of SO_ATTACH_FILTER cBPF on TCP sockets to users with CAP_NET_ADMIN capability. This blocks potential side-channel attack where an unprivileged application...
DEBIAN-CVE-2026-53185
In the Linux kernel, the following vulnerability has been resolved: zram: fix use-after-free in zram_bvec_write_partial zram_read_page picks the sync or async backing device read path based on whether the parent bio is NULL. zram_bvec_write_partial passes its parent bio down, so for ZRAM_WB slots the read...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.92 bug fix and security update
Red Hat OpenShift Container Platform release 4.12.92 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...
DEBIAN-CVE-2026-52949
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix ttm_bo_shrink infinite LRU walk on backup failure Apply the same fix as b2ed01e7ad "drm/ttm: Fix ttm_bo_swapout infinite LRU walk on swapout failure" to the ttm_bo_shrink path. Move del_bulk_move from before the backup to...
DEBIAN-CVE-2026-52950
In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: fix UAF with retry loop Retry doesn't work here, since bo will be freed on error, leading to UAF. However, now that we do the alloc & init before the attach, we can now combine this as one unit and have the init d...
RockyLinux 9 : nginx:1.24 (RLSA-2026:28212)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:28212 advisory. nginx: ngx_http_rewrite_module: code execution and denial of service CVE-2026-9256 Tenable has extracted the preceding description block directly from the RockyLinu...
CVE-2026-8823
Mattermost versions affected are 11.7.x <= 11.7.0 and 10.11.x
EUVD-2026-38248
Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to enforce bot-specific permission checks on the user active status endpoint, which allows a User Manager with user management write access but no Integrations access to deactivate bot accounts via the PUT /api/v4/users/id/active API...
RHSA-2026:27737 Red Hat Security Advisory: libxml2 security update
Bulletin has no description...
RHSA-2026:27705 Red Hat Security Advisory: kernel security update
Bulletin has no description...
RHEL 9 : postgresql (RHSA-2026:27741)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27741 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL: Operating system accou...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-123 (ALASKERNEL-5.10-2026-123)
The version of kernel installed on the remote host is prior to 5.10.258-257.1041. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2026-123 advisory. In the Linux kernel, the following vulnerability has been resolved: IB/mad: Don't call to function that...
Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2026-133 (ALASDOCKER-2026-133)
The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-133 advisory. Memory exhaustion DoS causing OOM kill of containerd process NOTE:...
Fedora 43 : vips (2026-3b2ddea116)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3b2ddea116 advisory. - update to v8.18.3 - enable uhdr - fix several security issues Tenable has extracted the preceding description block directly from the Fedora...