Amazon Linux 2023 : php8.5, php8.5-bcmath, php8.5-cli (ALAS2023-2026-1733)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1733 advisory. uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes. CVE-2026-42371 In uriparser before 1.0.2, there is pointer...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.6 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVE-2026-41218 BIG-IP PEM iRules vulnerability

When BIG-IP PEM iRules are configured on a virtual server iRules using commands starting with CLASSIFICATION::, CLASSIFY::, PEM::, PSC::, and the urlcatquery command, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End...

CVE-2026-40629 BIG-IP SSL/TLS vulnerability

When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

K000158978: BIG-IP SSL/TLS vulnerability CVE-2026-40629

Security Advisory Description When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections. CVE-2026-40629 Impact Traffic is disrupted for new client connections. This vulnerability allows a remote, unauthenticate...

Linux Distros Unpatched Vulnerability : CVE-2026-43421

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: gadget: fncm: Fix netdevice lifecycle with devicemove The network device outlived its parent gadget device during disconnection, resulting in dangling sysf...

Linux Distros Unpatched Vulnerability : CVE-2026-31537

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: server: make use of smbdirectsocket.sendio.bcredits It turns out that our code will corrupt the stream of reassabled data transfer messages when we trigger...

Fedora 43 : rpki-client (2026-27892c9184)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-27892c9184 advisory. rpki-client 9.8 - Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling. - Fixed an...

CVE-2026-41213

The CVE concerns @node-oauth/oauth2-server, a Node.js OAuth2 server module. The token exchange path accepts RFC7636-invalid code_verifier values for S256 PKCE flows (including one-character verifiers). The underlying cause is that ABNF enforcement for code_verifier is not performed during token e...

EUVD-2026-24951

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...

USN-8155-1: OpenSSL vulnerabilities

Viktor Dukhovni discovered that OpenSSL incorrectly negotiated the expected preferred key exchange group when used as a TLS 1.3 server. This could result in a less preferred key exchange being used, contrary to expectations. This issue only affected Ubuntu 25.10. CVE-2026-2673 Igor Morgenstern...

PT-2026-27614

Name of the Vulnerable Software and Affected Versions NATS-Server versions prior to 2.11.15 NATS-Server versions prior to 2.12.6 Description NATS-Server is a high-performance server for NATS.io, a cloud and edge native messaging system. When using Access Control Lists ACLs on message subjects,...

MiracleLinux 4 : mysql-5.1.73-3.0.1.AXS4 (AXSA:2014-043:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-043:01 advisory. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many...

MiracleLinux 7 : rh-mariadb101-mariadb-10.1.19-6.el7 (AXSA:2016-1178:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-1178:02 advisory. MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation...

CVE-2018-14557

An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44CNAC7, AC9 devices with firmware through V15.03.05.196318CNAC9, and AC10 devices with firmware through V15.03.06.23CNAC10. A buffer overflow vulnerability exists in the router's web server httpd. When processing the pa...

CVE-2017-18878

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session...

CVE-2019-20878

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Changes, within the application, to e-mail addresses are mishandled...

CVE-2019-20847

An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a usertyping WebSocket event to any channel...

CVE-1999-0737

The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files...

CVE-1999-0736

The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files...