CVE-2026-48840

Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client...

PT-2026-43390

CISA added an actively exploited Drupal SQL injection to its KEV catalog and gave federal agencies until Wednesday evening to patch. If you're running Drupal in production and haven't patched CVE-2025-50329, you're exposed to trivial database compromise. No auth required. cybersecurity infosec...

Microsoft Defender vulnerabilities are being exploited in the wild

Two Microsoft Defender vulnerabilities are being actively exploited in the wild. On May 20, 2026, the Cybersecurity and Infrastructure Security Agency CISA added a notable set of actively exploited vulnerabilities to its Known Exploited Vulnerabilities KEV catalog. The KEV catalog tracks...

Security update for buildah

This update for buildah rebuilds it against the current go security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: openSUSE Leap 15.4...

Security update for vim

This update for vim fixes the following issues: Update to version 9.2.0280. CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command execution bsc1261271. CVE-2026-34714: missing checks allow for a tabpanel modeline escape and can lead to...

CVE-2026-40105

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 10.4-rc-1, through 16.10.15, 17.0.0-rc-1, through 17.4.7 and 17.5.0-rc-1 through 17.10.0 contain a reflected cross-site scripting vulnerability XSS in the comparison view between...

PT-2026-30802

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric GENESIS64 versions prior to 10.97.3 Mitsubishi Electric ICONICS Suite versions prior to 10.97.3 Mitsubishi Electric MobileHMI versions prior to 10.97.3 Mitsubishi Electric Hyper Historian versions prior to 10.97.3 Mitsubish...

CVE-2026-27739 Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline

The Angular SSR is a server-rise rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery SSRF vulnerability in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL...

CVE-2026-2245

A vulnerability was identified in CCExtractor up to 183. This affects the function parsePAT/parsePMT in the library src/libccx/tstables.c of the component MPEG-TS File Parser. Such manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is...

PT-2026-6803

Name of the Vulnerable Software and Affected Versions BeyondTrust Remote Support versions prior to 25.3.2 BeyondTrust Privileged Remote Access versions prior to 25.1.1 Description BeyondTrust Remote Support and Privileged Remote Access contain a critical pre-authentication remote code execution...

Ghost vulnerable to XSS via malicious Portal preview links

Impact An attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially leading to account takeover. Vulnerable versions This vulnerability is present in Ghost versions: - v5.43.0 to...

CVE-2026-24688

pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. This has been fixed in pypdf 6.6.2. If projects...

PT-2026-26014

Name of the Vulnerable Software and Affected Versions Citrix XenServer version 8.4 Description The Intel EPT paging code includes an optimization that defers flushing of cached EPT state until the p2m lock is released. However, the freeing of paging structures is not deferred, potentially leading...

EulerOS 2.0 SP11 : python3 (EulerOS-SA-2025-2469)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself ...

Python DoS Vulnerability (Oct 2025) - Linux

Python is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

PT-2025-54475

Name of the Vulnerable Software and Affected Versions golang.org/x/net/html affected versions not specified Description The html.Parse function can enter an infinite parsing loop when processing specific HTML inputs. This can result in a denial of service DoS if an attacker provides crafted HTML...

Exploit for CVE-2021-1675

CVE-2021-1675 / CVE-2021-34527 Impacket implementation of the PrintNightmare PoC originally created by Zhiniang Peng @edwardzpeng & Xuefeng Li @lxf02942370 Tested on a fully patched 2019 Domain Controller Execute malicious DLL's remote or locally Patch update Microsoft has released a patch to...

Security update for rust-keylime

This update for rust-keylime fixes the following issues: Update slab to version 0.4.11: CVE-2025-55159: Fixed incorrect bounds check in getdisjointmut function bsc1248006 Update to version 0.2.8+12: builddeps: bump actions/checkout from 4 to 5 builddeps: bump cfg-if from 1.0.0 to 1.0.1 builddeps:...

Security update for rust-keylime

This update for rust-keylime fixes the following issues: Update to version 0.2.7+141: CVE-2025-58266: shlex: Fixed command injection bsc1247193 Update to version 0.2.7+117: CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RSTSTREAM frames bsc1210344. CVE-2024-12224...

Linux Distros Unpatched Vulnerability : CVE-2021-47589

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - igbvf: fix double free in igbvfprobe In igbvfprobe, if registernetdev fails, the program will go to label errhwinit, and then to label errioremap. In freenetdev...