PT-2026-44980

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.15.0-beta1 Description The JavaScript sandbox worker fails to properly block dynamic import calls due to an insufficient regular expression. The regex /bimports/.testcode only accounts for ASCII whitespace and does...

RHEL 9 : cockpit (RHSA-2026:21392)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:21392 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports,...

Linux Distros Unpatched Vulnerability : CVE-2026-44466

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $..., allowing execution of arbitrar...

RockyLinux 8 : cockpit (RLSA-2026:21700)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:21700 advisory. cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI CVE-2026-4802 Tenable has extracted the preceding description block directly fr...

RockyLinux 10 : edk2 (RLSA-2026:18465)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18465 advisory. edk2: EDK2: Improper Input Validation allows arbitrary command execution CVE-2025-2296 Tenable has extracted the preceding description block directly from the...

AlmaLinux 8 : cockpit (ALSA-2026:21700)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:21700 advisory. cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI CVE-2026-4802 Tenable has extracted the preceding description block directly fro...

USN-8342-1 vim vulnerability

It was discovered that Vim did not properly handle backticks in tag filenames. An attacker could possibly use this issue to execute arbitrary commands...

CVE-2026-44462

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining $var@P, allowing arbitrary command execution under an allowlisted command prefix. This vulnerability is fixed in 0.229.0...

CVE-2026-44462 Zed: Allowlist Bypass via Bash Variable Expansion Chain in Terminal Tool Permissions

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining $var@P, allowing arbitrary command execution under an allowlisted command prefix. This vulnerability is fixed in 0.229.0...

RLSA-2026:19224 Important: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox bypass CVE-2026-34982 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...

Important: Red Hat Security Advisory: cockpit security update

An update for cockpit is now available for Red Hat Enterprise Linux 8.10 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

Important: Red Hat Security Advisory: cockpit security update

An update for cockpit is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

RHEL 8 : cockpit (RHSA-2026:21700)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:21700 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports,...

AlmaLinux 9 : cockpit (ALSA-2026:21468)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:21468 advisory. cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI CVE-2026-4802 Tenable has extracted the preceding description block directly fro...

RHEL 10 : cockpit (RHSA-2026:21676)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:21676 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports,...

PT-2026-44552

Name of the Vulnerable Software and Affected Versions AnythingLLM versions prior to 1.13.0 Description The filesystem-search-files agent skill passes an LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separator. Because ripgrep parses any argument...

PT-2026-44548

A High severity Server-Side Template Injection SSTI vulnerability exists in the trestle author jinja command. The command recursively evaluates rendered templates, allowing an attacker to achieve arbitrary command execution with privileges of the running process by injecting malicious payloads in...

RHEL 8 : cockpit (RHSA-2026:21516)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:21516 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports,...

RHEL 9 : cockpit (RHSA-2026:21647)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:21647 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports,...