
802 matches found

Tenable Nessus
added 5 days ago | 10 views

LangChain < 1.3.9 Path Traversal (CVE-2026-55443)

The version of LangChain installed on the remote host is prior to 1.3.9. It is, therefore, affected by a path traversal vulnerability: - Several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root director...

CVSS 5.5 | AI score 5.9 | EPSS 0.00157
Exploits 0 | References 2

Positive Technologies
added 2026/06/23 12:00 a.m. | 6 views

PT-2026-51567

Name of the Vulnerable Software and Affected Versions: GNU SASL versions prior to 2.2.4. Description: The NTLM client lacks sanitization of a short challenge within the gsasl ntlm client step function. This flaw allows a crafted server to cause memory disclosure. Recommendations: Update to version...

CVSS 3.7 | AI score 5.8 | EPSS 0.0023
Exploits 1 | References 8

CBLMariner
added 2026/06/22 9:21 p.m. | 5 views

CVE-2026-45844 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-45844 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

CVSS 5.5 | AI score 5.8 | EPSS 0.00117
Exploits 0

Tenable Nessus
added 2026/06/22 12:00 a.m. | 7 views

Amazon Linux 2 : evince, --advisory ALAS2-2026-3354 (ALAS-2026-3354)

The version of evince installed on the remote host is prior to 3.28.2-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3354 advisory. CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of shell-like input in...

CVSS 8.4 | AI score 5.9 | EPSS 0.00555
Exploits 0 | References 4

NVD
added 2026/06/21 4:16 p.m. | 8 views

CVE-2026-56406

libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse...

CVSS 6.9 | EPSS 0.00102
Exploits 0 | References 1

EUVD
added 2026/06/20 3:24 p.m. | 8 views

EUVD-2026-38121

capacitor-native-biometric before 12.128.2 contains an authentication bypass vulnerability where the onAuthenticationSucceeded method fails to validate CryptoObject parameters. Attackers can hook the onAuthenticationSucceeded function using dynamic instrumentation to bypass biometric authenticati...

CVSS 4.8 | AI score 5.9 | EPSS 0.00165
Exploits 0 | References 2

Positive Technologies
added 2026/06/20 12:00 a.m. | 13 views

PT-2026-51159

Name of the Vulnerable Software and Affected Versions: Capgo versions prior to 12.128.2. Description: An open redirect issue exists in the 'confirm-signup' endpoint. The confirmation url parameter is not validated, which allows attackers to redirect users to arbitrary external websites. This can be...

CVSS 5.1 | AI score 6 | EPSS 0.0018
Exploits 0 | References 9

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in wpa

A vulnerability was discovered in the way p2p/p2p_pd.c in wpa_supplicant before version 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. This could lead to denial of service or other impacts, potentially including the execution of arbitrary code, if an attacker is within range of the...

CVSS 7.5 | AI score 7.8 | EPSS 0.01228
Exploits 0 | References 1

AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in Chromium

A use-after-free in Cast in Google Chrome before version 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Low...

CVSS 6.3 | AI score 6.6 | EPSS 0.0069
Exploits 0 | References 2

Cvelist
added 2026/06/17 9:45 p.m. | 14 views

CVE-2026-12565 Path Traversal (Zip-Slip) in unarchive module

The unarchive internal module's archive extraction commands perform no code-level validation on extracted file paths, relying entirely on the behavior of external tools e.g. GNU tar which varies by platform. While CVE-2025-10284 addressed git-specific RCE vectors, the underlying archive extractio...

CVSS 5.3 | EPSS 0.00208
Exploits 0 | References 1

Tenable Nessus
added 2026/06/17 12:00 a.m. | 7 views

ImageMagick < 6.9.13-50 / 7.x < 7.1.2-25 Multiple Vulnerabilities

The remote host has a version of ImageMagick installed that is prior to 6.9.13-50 or 7.x prior to 7.1.2-25. It is, therefore, affected by multiple vulnerabilities, including: - A missing validation in AcquireAlignedMemory could cause memory exhaustion conditions. CVE-2026-53460 - An incorrect loo...

CVSS 7.5 | AI score 5.5 | EPSS 0.00269
Exploits 0 | References 8

Tenable Nessus
added 2026/06/16 12:00 a.m. | 9 views

Check Point Gaia Operating System (sk185033)

The version of Gaia Operating System installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the sk185033 advisory. - A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange...

CVSS 9.3 | AI score 5.9 | EPSS 0.71051
Exploits 5 | References 2

CVE
added 2026/06/15 8:19 p.m. | 20 views

CVE-2026-49061

CVE-2026-49061 : Unauthenticated arbitrary file download in the WordPress plugin WPC Product Options for WooCommerce (versions

CVSS 7.5 | AI score 5.2 | EPSS 0.00362
Exploits 0 | References 1

CBLMariner
added 2026/06/13 6:21 p.m. | 7 views

CVE-2026-5222 affecting package rust for versions less than 1.90.0-9

CVE-2026-5222 affecting package rust for versions less than 1.90.0-9. A patched version of the package is available...

CVSS 6.5 | AI score 5.2 | EPSS 0.00328
Exploits 0

Tenable Nessus
added 2026/06/11 12:00 a.m. | 20 views

Google Chrome < 149.0.7827.114 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 149.0.7827.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 202606stable-channel-update-for-desktop01962725236 advisory. - Use after free in Views in Google Chrome on Windows prior to...

CVSS 9.6 | AI score 6.1 | EPSS 0.00287
Exploits 0 | References 55

Cvelist
added 2026/06/10 10:23 p.m. | 27 views

CVE-2026-46645 SQLAdmin: Authorization Bypass on `ajax_lookup`

SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the `ajax_lookup` endpoint in application.py bypasses the `is_accessible` access control check that all other endpoints enforce. If a developer restricts model access by overriding `is_accessible`, an authenticated user...

CVSS 4.3 | EPSS 0.00279
Exploits 1 | References 4

Tenable Nessus
added 2026/06/09 12:00 a.m. | 9 views

Adobe Experience Manager 6.0.0.0 < 6.5.25.0 Multiple Arbitrary code execution (APSB26-57)

The version of Adobe Experience Manager installed on the remote host is prior to 6.5.25.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-57 advisory. - Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross- Si...

CVSS 9.3 | AI score 5.8 | EPSS 0.00243
Exploits 0 | References 4

Tenable Nessus
added 2026/06/09 12:00 a.m. | 12 views

Adobe Reader < 26.001.21662 Multiple Vulnerabilities (APSB26-63) (macOS)

The version of Adobe Reader installed on the remote macOS host is a version prior to 26.001.21662. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result...

CVSS 7.8 | AI score 7.4 | EPSS 0.00285
Exploits 0 | References 22

Tenable Nessus
added 2026/06/08 12:00 a.m. | 9 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-121 (ALASKERNEL-5.10-2026-121)

The version of kernel installed on the remote host is prior to 5.10.257-254.1015. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2026-121 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix a race...

CVSS 8.8 | AI score 4.9 | EPSS 0.00129
Exploits 0 | References 8

SUSE CVE
added 2026/06/07 4:40 a.m. | 11 views

SUSE CVE-2026-11250

Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...

CVSS 9.6 | AI score 5.5 | EPSS 0.00239
Exploits 0 | References 2