EUVD-2026-32715

Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices...

SUSE CVE-2026-44728

Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. This vulnerability is fixed in 7.29.4 and...

kernel: netfilter: nf_tables: release flowtable after rcu grace period on error

A flaw was found in the Linux kernel's netfilter component, specifically within the nftables subsystem. An error in releasing a flowtable after an RCU Read-Copy-Update grace period could lead to a use-after-free vulnerability. This issue could expose the flowtable to the packet path and...

CVE-2026-45935

A flaw was found in the Linux kernel's NTFS3 filesystem driver. Insufficient bounds checking when processing log records in the DeleteIndexEntryRoot function allows a local attacker to provide a maliciously large entry size. This can lead to a heap buffer overflow, a type of memory corruption,...

TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within th...

RockyLinux 9 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free (RLSA-2026:19180)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19180 advisory. GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer: GStreamer: Remote Code Execution via heap-based buffer...

TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within th...

mapfish-print 代码注入漏洞

Mapfish-Print is a JAVA extension library created by individual developers for creating maps-related reports. This extension library is based on Java’s servlet/lib/application framework and can implement a service that receives requests and returns reports. Versions of Mapfish-Print from 3.23.0 t...

PT-2026-44177

Name of the Vulnerable Software and Affected Versions Comet Backup versions prior to 26.4.3 Comet Backup versions prior to 26.5.0 Description Insufficient character filtering in the backup agent signing module allows an authenticated tenant administrator with branding permissions to execute...

CodeWhale 代码注入漏洞

CodeWhale is a terminal coding intelligence tool developed by Hunter Bown. Versions of CodeWhale from 0.3.0 to 0.8.23 contain a code injection vulnerability. This vulnerability arises from the runtests tool executing cargo test with ApprovalRequirement::Auto, allowing for the compilation and...

PT-2026-44197

A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...

AlmaLinux 10 : httpd (ALSA-2026:21433)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21433 advisory. httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read due...

RHEL 10 : httpd (RHSA-2026:21433)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21433 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxyajp:...

Debian dsa-6304 : libunbound-dev - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6304 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6304-1 [email protected] https://www.debian.org/securit...

RHEL 9 : httpd (RHSA-2026:21391)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21391 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxyajp:...

Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file...

ALSA-2026:21755 Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file...

UBUNTU-CVE-2026-47331

Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race condition that can lead to a use-after-free UAF and, theoretically, arbitrary code execution...

PT-2026-44480

Name of the Vulnerable Software and Affected Versions Ubuntu Linux version 6.8 Description AppArmor SAUCE patches fail to acquire a lock when modifying a linked list. This allows an unprivileged local user to trigger a race condition, which can lead to a use-after-free UAF—a situation where a...

ALSA-2026:21757 Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file...