PT-2026-44528

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 23.4.0 through 23.26.2 Description An issue exists in the Net Service component of Oracle Database Server. An unauthenticated attacker with network access via TLS can exploit this flaw to compromise the Net...

PT-2026-44532

Vulnerability in Oracle REST Data Services component: General. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability c...

PT-2026-44507

Name of the Vulnerable Software and Affected Versions Oracle REST Data Services versions 24.2.0 through 26.1.0 Description An issue in the Core component allows a low privileged attacker with network access via HTTPS to compromise the system. Exploitation is difficult and requires human interacti...

IBM DB2 Multiple Vulnerabilities (7273554, 7273555, 7273556, 7273557, 7273558) (Windows)

According to its self-reported version number, IBM Db2 is affected by multiple vulnerabilities: - IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server stores potentially sensitive information in log files that could be read by a local user. CVE-2025-13755 - IBM Db2 is vulnerable to a...

Linux Distros Unpatched Vulnerability : CVE-2026-44983

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec...

pyjwt 安全漏洞

pyjwt is a Python library developed by José Padilla of the United States. It allows for the encoding and decoding of JSON Web Tokens JWTs. Security vulnerabilities exist in versions 2.9.0 to 2.12.1 of pyjwt. These vulnerabilities arise when the jwt.decode or jwt.decodecomplete function is called...

RockyLinux 9 : libssh (RLSA-2026:18683)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:18683 advisory. libssh: Double Free Vulnerability in libssh Key Export Functions CVE-2025-5351 libssh: Use of uninitialized variable in privatekeyfromfile CVE-2025-4878...

PT-2026-44247

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description The issue exists in the isofs module where isofs fh to dentry and isofs fh to parent pass an attacker-controlled block numbe...

PT-2026-44262

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the SMB client, the build sec desc function uses a buffer allocated with kmalloc, which does not zero-initialize the memory. Due to a change in the struct smb acl where the num aces...

CVE-2026-46018

A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA USB audio driver. A malicious Universal Serial Bus USB audio device could send a malformed Universal Audio Class 2 UAC2 RANGE response. This could cause the system to repeatedly print error messages and potentially lead...

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +235 more potentially affected by CVE-2026-44681 via authlib (>=0.10.0 <=1.6.11)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.1 and more Source cves: CVE-2026-44681 Source advisory: OSV:PYSEC-2026-188...

CVE-2026-48593

Uncontrolled Resource Consumption vulnerability in oban-bg obanweb 'Elixir.Oban.Web.CronExpr' modules allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a malicious cron expression such as "0 0 1-100000000 ". When a user with...

UBUNTU-CVE-2026-2601

GitLab has remediated an issue in GitLab EE affecting all versions from 11.5 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to access sensitive deployment data on projects due to...

EUVD-2026-32629

ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service...

bsky2llm (=0.1.0), downitall-android (=1.5.0) +14 more potentially affected by CVE-2026-44353 via streamlink (>=0.14.2 <=8.0.0)

streamlink PYPI version =0.14.2, =0.3.0, =0.0.1, =0.0.18, =1.0.0, =0.12.0, =0.1.14, =1.1.0, =0.0.1, =2.1.0, =3.4.0b2 - twitch-fapi-backend =0.1.0 and more Source cves: CVE-2026-44353 Source advisory: OSV:PYSEC-2026-180...

CVE-2026-42184

Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to...

CVE-2026-44972

GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...

CVE-2026-42280 Improper Permission Checking in Auth.js SDK

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...

CVE-2026-9035

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be ab...

CVE-2026-7524

IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction...