Linux Distros Unpatched Vulnerability : CVE-2025-59466

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - We have identified a bug in Node.js error handling where Maximum call stack size exceeded errors become uncatchable when asynchooks.createHook is enabled. Inste...

PT-2026-2334

Name of the Vulnerable Software and Affected Versions SAP S/4HANA Private Cloud and On-Premise affected versions not specified Description The software contains a flaw in a function module exposed via Remote Function Call RFC. An attacker with administrative privileges can exploit this to inject...

Linux Distros Unpatched Vulnerability : CVE-2026-0878

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7,...

Linux Distros Unpatched Vulnerability : CVE-2026-0890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and...

Linux Distros Unpatched Vulnerability : CVE-2025-71077

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tpm: Cap the number of PCR banks tpm2getpcrallocation does not cap any upper limit for the number of banks. Cap the limit to eight banks so that out of bounds...

Linux Distros Unpatched Vulnerability : CVE-2026-0880

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandbox escape due to integer overflow in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbir...

Linux Distros Unpatched Vulnerability : CVE-2025-71068

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - svcrdma: bound check rqpages index in inline path svcrdmacopyinlinerange indexed rqstp-rqpagesrccurpage without verifying rccurpage stays within the allocated...

Linux Distros Unpatched Vulnerability : CVE-2026-22250

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability ...

CVE-2026-21891 ZimaOS has Authentication Bypass via System-Level Username

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions up to and including 1.5.0, the application checks the validity of the username but appears to skip, misinterpret, or incorrectly validate the password when the provided username matches a...

CVE-2026-21891 ZimaOS has Authentication Bypass via System-Level Username

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions up to and including 1.5.0, the application checks the validity of the username but appears to skip, misinterpret, or incorrectly validate the password when the provided username matches a...

CVE-2024-2731

Users with low privileges all permissions deselected in the administrator permissions settings can view certain pages that expose sensitive information such as company names, users' names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users c...

CVE-2024-2730

Mautic uses predictable page indices for unpublished landing pages, their content can be accessed by unauthenticated users under public preview URLs which could expose sensitive data. At the time of publication of the CVE no patch is available...

Linux Distros Unpatched Vulnerability : CVE-2025-13034

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using CURLOPTPINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool,curl should check the public key of the server certificate to verify...

PT-2026-1521

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-713RE version 1.02 Description A flaw exists in TRENDnet TEW-713RE that allows for remote operating system command injection. The issue is located in the /goformX/formFSrvX file, specifically through manipulation of the SZCMD...

Linux Distros Unpatched Vulnerability : CVE-2023-54203

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: fix slab-out-of-bounds in initsmb2rsphdr When smb1 mount fails, KASAN detect slab-out-of-bounds in initsmb2rsphdr like the following one. For smb1...

CVE-2026-21432

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As of time of publication, no known patched versions are available...

CVE-2026-21431

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the Resource media library function while publishing an article. As of time of publication, no known patched versions are available...

CVE-2026-21430 Emlog: CSRF chained with stored XSS leads to ATO

Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery CSRF. This can lead to a user being forced to post an article with arbitrary, attacker-controlled content. This, when combined with stored cross-site...

CVE-2026-21429

Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...

CVE-2026-21429 Emlog has Broken Access Control (BAC)

Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...