
9048 matches found

Tenable Nessus
added 2026/01/23 12:0 a.m., 6 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004876)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004876 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvs: fix WARNING in ipvscleanupbatch During the initialization of ipvsconnnetinit, if file...

CVSS 5.5 | AI score 5.3 | EPSS 0.00166
Exploits 0 | References 4

Tenable Nessus
added 2026/01/23 12:0 a.m., 4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004830)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004830 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: fcoe: Fix transport not deattached when fcoeifinit fails fcoeinit calls...

CVSS 5.5 | AI score 6.1 | EPSS 0.00149
Exploits 0 | References 4

RedhatCVE
added 2026/01/22 11:24 p.m., 5 views

CVE-2026-23630

Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting (XSS). The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...

CVSS 6.3 | AI score 5.8 | EPSS 0.00243
Exploits 1 | References 1

Snyk
added 2026/01/22 12:31 p.m., 3 views

External Initialization of Trusted Variables or Data Stores

Overview ch.qos.logback:logback-core is a logback-core module. Affected versions of this package are vulnerable to External Initialization of Trusted Variables or Data Stores during the configuration file processing. An attacker can instantiate arbitrary classes already present on the class path ...

CVSS 5 | AI score 4.8 | EPSS 0.00159
Exploits 0 | References 2

Tenable Nessus
added 2026/01/22 12:0 a.m., 5 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-37878)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37878 advisory. - In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix WARNON!ctx in freeevent f...

CVSS 5.5 | AI score 5.5 | EPSS 0.00217
Exploits 0 | References 2

Tenable Nessus
added 2026/01/22 12:0 a.m., 2 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-21707)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21707 advisory. - In the Linux kernel, the following vulnerability has been resolved: mptcp: consolidate suboption status MPTC...

CVSS 5.5 | AI score 6.2 | EPSS 0.00195
Exploits 0 | References 2

Tenable Nessus
added 2026/01/22 12:0 a.m., 4 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-37792)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37792 advisory. - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: Prevent potential NULL...

CVSS 5.5 | AI score 5.4 | EPSS 0.00157
Exploits 0 | References 2

Tenable Nessus
added 2026/01/22 12:0 a.m., 6 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-57906)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-57906 advisory. - In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads8688: fix information le...

CVSS 7.1 | AI score 5.6 | EPSS 0.00214
Exploits 0 | References 2

Tenable Nessus
added 2026/01/22 12:0 a.m., 7 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-38231)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38231 advisory. - In the Linux kernel, the following vulnerability has been resolved: nfsd: Initialize ssc before laundromatwo...

CVSS 5.5 | AI score 5.3 | EPSS 0.0015
Exploits 0 | References 2

Tenable Nessus
added 2026/01/22 12:0 a.m., 4 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-47728)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47728 advisory. - In the Linux kernel, the following vulnerability has been resolved: bpf: Zero former ARGPTRTOLONG,INT args i...

CVSS 5.5 | AI score 6.8 | EPSS 0.00235
Exploits 0 | References 2

Tenable Nessus
added 2026/01/22 12:0 a.m., 5 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-38078)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38078 advisory. - In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix race of buffer access at...

CVSS 4.7 | AI score 7.1 | EPSS 0.00118
Exploits 0 | References 2

Snyk
added 2026/01/21 4:12 p.m., 3 views

Arbitrary Code Injection

Overview: vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Arbitrary Code Injection via the auto_map process during model initialization, even when trust_remote_code is false. An attacker can execute arbitrary...

CVSS 9.8 | AI score 6.3 | EPSS 0.00542
Exploits 1 | References 2

OSV
added 2026/01/21 4:12 p.m., 2 views

GHSA-2PC9-4J83-QJMR vLLM affected by RCE via auto_map dynamic module loading during model initialization

Summary: vLLM loads Hugging Face auto_map dynamic modules during model resolution without gating on trust_remote_code, allowing attacker-controlled Python code in a model repo/path to execute at server startup. Impact: An attacker who can influence the model repo/path local directory or remote...

CVSS 8.8 | AI score 6 | EPSS 0.00542
Exploits 1 | References 6

Github Security Blog
added 2026/01/21 4:12 p.m., 9 views

vLLM affected by RCE via auto_map dynamic module loading during model initialization

Summary: vLLM loads Hugging Face auto_map dynamic modules during model resolution without gating on trust_remote_code, allowing attacker-controlled Python code in a model repo/path to execute at server startup. Impact: An attacker who can influence the model repo/path local directory or remote...

CVSS 9.8 | AI score 5.9 | EPSS 0.00542
Exploits 1 | References 6 | Affected Software 1

Redos
added 2026/01/21 12:0 a.m., 5 views

ROS-20260121-73-0015

A vulnerability in the KVM component of the Linux operating system kernel is related to memory initialization errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 | AI score 7.2 | EPSS 0.00205
Exploits 0

Tenable Nessus
added 2026/01/20 12:0 a.m., 9 views

MiracleLinux 9 : kernel-5.14.0-427.40.1.el9_4 (AXSA:2024-8938:33)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8938:33 advisory. kernel: Local information disclosure on Intel(R) Atom(R) processors (CVE-2023-28746) kernel: netfilter: nft_flow_offload: reset dst in route object after...

CVSS 7.8 | AI score 7.1 | EPSS 0.00546
Exploits 0 | References 15

CNNVD
added 2026/01/20 12:0 a.m., 7 views

ImageMagick security vulnerabilities

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-13 contained security vulnerabilities, which stemmed from improper initialization of buffers,...

CVSS 9.8 | AI score 5.8 | EPSS 0.00336
Exploits 0 | References 2

Tenable Nessus
added 2026/01/20 12:0 a.m., 6 views

MiracleLinux 8 : mod_auth_openidc:2.3 (AXSA:2022-3591:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3591:01 advisory. mod_auth_openidc: open redirect in oidc_validate_redirect_url() (CVE-2021-32786) mod_auth_openidc: hardcoded static IV and AAD with a reused key in AES GCM...

CVSS 6.1 | AI score 5.6 | EPSS 0.02364
Exploits 2 | References 5

Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 8 : linux-firmware-20240610-122.git90df68d2.el8_10 (AXSA:2024-8543:07)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8543:07 advisory. kernel: Reserved fields in guest message responses may not be zero initialized (CVE-2023-31346). Tenable has extracted the preceding description block directly...

CVSS 6 | AI score 5.6 | EPSS 0.00309
Exploits 0 | References 2

Redos
added 2026/01/20 12:0 a.m., 4 views

ROS-20260120-7336

A vulnerability in the hclgeptpgetcycle function of the Linux operating system kernel is related to incorrect resource initialization. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 | AI score 6.6 | EPSS 0.00176
Exploits 0