CVE-2026-10885

An use after free flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504072665...

CVE-2026-10896

An use after free flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513514692...

CVE-2026-44209

A flaw was found in banks. This vulnerability, known as Server-Side Template Injection SSTI, allows a remote attacker to achieve Remote Code Execution RCE on the host system. This occurs when applications using banks pass user-supplied strings directly as template arguments to the Prompt function...

CVE-2026-45497

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...

EUVD-2026-34918

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

EUVD-2026-34922

The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowedclasses restriction in the IdsToCollection::getidsfromstring function, which processes...

PT-2026-47127

Name of the Vulnerable Software and Affected Versions MDJM Event Management plugin for WordPress versions prior to 1.7.8.4 Description The plugin allows arbitrary file upload because it does not perform validation on the file type, extension, or MIME type of uploaded files. This issue occurs with...

EulerOS Virtualization 2.12.0 : python-ply (EulerOS-SA-2026-2112)

According to the versions of the python-ply packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile...

EulerOS Virtualization 2.10.1 : python-ply (EulerOS-SA-2026-2035)

According to the versions of the python-ply package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile...

RHEL 9 : flatpak (RHSA-2026:23419)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:23419 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...

PT-2026-47155

Name of the Vulnerable Software and Affected Versions Cursor affected versions not specified Description A sandbox escape exists in the agent component due to a symlink canonicalization failure combined with a writable working directory. This allows the agent to bypass sandbox restrictions and...

PT-2026-47154

Name of the Vulnerable Software and Affected Versions Cursor versions prior to 3.0 Description A flaw exists in the agent terminal command sandbox that allows for sandbox escape via path traversal. The issue stems from improper input validation of the working directory parameter, which fails to...

RHEL 8 : httpd:2.4 (RHSA-2026:22140)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22140 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP...

RHEL 10 : unbound (RHSA-2026:23231)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:23231 advisory. The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: Heap overflow and crash...

Debian dsa-6318 : gstreamer1.0-gtk3 - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6318 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6318-1 [email protected] https://www.debian.org/securit...

EulerOS Virtualization 2.13.1 : python-ply (EulerOS-SA-2026-2145)

According to the versions of the python-ply package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile...

EulerOS Virtualization 2.10.0 : python-ply (EulerOS-SA-2026-2062)

According to the versions of the python-ply package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile...

EulerOS Virtualization 2.12.1 : python-ply (EulerOS-SA-2026-2087)

According to the versions of the python-ply packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile...

EulerOS Virtualization 2.13.0 : python-ply (EulerOS-SA-2026-2184)

According to the versions of the python-ply package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile...

RHEL 9 : flatpak (RHSA-2026:23418)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:23418 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...