openSUSE 16 Security Update : chromium (openSUSE-SU-2026:20775-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20775-1 advisory. Changes in chromium: - Chromium 148.0.7778.178 boo1265848 CVE-2026-9111: Use after free in WebRTC CVE-2026-9110: Inappropriate implementation in...

PT-2026-45147

Name of the Vulnerable Software and Affected Versions MariaDB server versions 11.4.1 through 11.4.10 MariaDB server versions 11.8.1 through 11.8.6 MariaDB server version 12.3.1 Description A user granted EXECUTE access to a stored routine through a role can view the routine definition, even if th...

SourceCodester eDoc Doctor Appointment System 安全漏洞

SourceCodester eDoc Doctor Appointment System is an open-source appointment system for doctors developed by SourceCodester. Version 1.0 of the SourceCodester eDoc Doctor Appointment System contains a security vulnerability. This vulnerability stems from incorrect parameter handling in the...

PT-2026-45150

Name of the Vulnerable Software and Affected Versions MariaDB server versions 3.3.18 MariaDB server versions 3.4.8 Description An issue exists where applications using the big5 character set and text protocol are susceptible to SQL injections. This occurs when non-validated user input is processe...

OPENSUSE-SU-2026:10860-1 hplip-3.26.4-1.1 on GA media

These are all security issues fixed in the hplip-3.26.4-1.1 package on the GA media of openSUSE Tumbleweed...

Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2026-1738)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1738 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe 26 and earlier contained security vulnerabilities, which were caused by logical issues and could allow applications to access sensitive user data...

Velocity.js 安全漏洞

Velocity.js is a JavaScript implementation of the Apache Velocity template engine developed by Eward. Versions of Velocity.js 2.1.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from prototype pollution during the processing of set directives. Attackers could modif...

openSUSE 16 Security Update : perl-HTTP-Tiny (openSUSE-SU-2026:20792-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20792-1 advisory. Changes in perl-HTTP-Tiny: - updated to 0.094 0.094 - No changes from 0.093-TRIAL 0.093 - fix to prevent invalid characters in all headers, and prevent...

Important: rclone

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

Fedora 44 : pie (2026-3d8d946f69)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3d8d946f69 advisory. Version 1.4.4 Dependencies - Update Composer to 2.9.8 ---- Version 1.4.3 - add output check for dnf permission denied thanks to @asgrim and @hackel - don't...

RockyLinux 8 : kernel (RLSA-2026:19666)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19666 advisory. kernel: Fragnesia is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation LPE vulnerability in the Linux kernel...

Hermes Agent 安全漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring self-learning capabilities. Versions of Hermes Agent prior to 2026.4.16 contained a security vulnerability. This vulnerability stemmed from improper handling of the executecode function in the Environment Variable Handler...

USN-8291-2 linux-lowlatency-hwe-5.15 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SMB network file system; - Netfilter; - iouring subsystem; CVE-2024-35862, CVE-2024-50060, CVE-2026-23274,...

CLSA-2026-1779434490 kernel: Fix of 100 CVEs

tracing: Verify event formats that have "%p.." CVE-2025-37938 - HID: pidff: Fix null pointer dereference in pidfffindfields CVE-2025-37862 - scsi: st: Fix array overflow in stsetup CVE-2025-37857 - drm/amdkfd: debugfs hanghws skip GPU with MES CVE-2025-37853 - mm/vmscan: don't try to reclaim...

Linux Distros Unpatched Vulnerability : CVE-2026-42783

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - rust-sequoia-openpgp - None Ubuntu Linux - openpgp: Don't imply missing key flags from key type CVE-2026-42783 Note that Nessus relies on the...

CVE-2026-48245 Open ISES Tickets < 3.44.2 Hardcoded Google Maps API Key in tables.php

Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in tables.php that is committed to the public source repository. The key can be extracted by anyone with read access to the source and used to make Google Maps Platform requests billed against the original owner's Google Cloud...

tigervnc security update

An update is available for tigervnc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Virtual Network Computing VNC is a remote display system which allows users ...

PT-2026-42448

Concurrency and locking defects in GSS-TSIG...

PT-2026-42807

Name of the Vulnerable Software and Affected Versions OpenBao versions prior to 2.5.4 Description Namespaces in OpenBao are designed to provide multi-tenant separation. However, a tenant that leaks lease identifiers may allow a user from another tenant to revoke or renew their lease and underlyin...