Important: Red Hat Security Advisory: RHACS 4.10.2 security and bug fix update
Updated images are now available for Red Hat Advanced Cluster Security (RHACS), which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...
PT-2026-38174
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.96. Description: An out of bounds read in Codecs allows a remote attacker to obtain potentially sensitive information from process memory by using a malicious file. An out of bounds read occurs when a...
PT-2026-38198
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.96. Description: Insufficient validation of untrusted input in Cast allows an attacker on the local network segment to bypass the same origin policy via malicious network traffic. The same origin policy...
bubblewrap-0.11.2-1.1 on GA media (moderate)
bubblewrap-0.11.2-1.1 on GA media. Announcement ID: openSUSE-SU-2026:10671-1. Rating: moderate. Cross-References: CVE-2026-41163. CVSS scores: CVE-2026-41163 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H; CVE-2026-41163 (SUSE): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N...
PT-2026-36908
Name of the Vulnerable Software and Affected Versions: Postfix versions prior to 3.8.16; Postfix versions 3.9 prior to 3.9.10; Postfix versions 3.10 prior to 3.10.9. Description: A buffer over-read can occur, potentially leading to a process crash, when an enhanced status code is used that lacks text...
Debian dsa-6239 : chromium - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6239 advisory. Debian Security Advisory DSA-6239-1...
PT-2026-36537
Name of the Vulnerable Software and Affected Versions: libModSecurity3 versions prior to 3.0.15. Description: A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a single character. This allows an attacker to crash worker processe...
Medium: tomcat-native
Issue Overview: CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115;...
Fedora 44 : mapserver (2026-b5a2da2c73)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b5a2da2c73 advisory. Update to mapserver 8.6.1. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has no...
[SECURITY] Fedora 42 Update: python3-docs-3.13.13-1.fc42
The python3-docs package contains documentation on the Python 3 programming language and interpreter...
CVE-2026-28525
SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoosemultipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing...
Multiple vulnerabilities in LogonTracer
Overview: LogonTracer provided by Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) is a tool to investigate malicious Windows logons by visualizing and analyzing Windows event logs. LogonTracer contains multiple vulnerabilities listed below. OS command injection (CWE-78) -...
Fedora 42 : pie (2026-3b2063832d)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3b2063832d advisory. Version 1.4.1 - Update bundled Composer to 2.9.7 ---- Version 1.4.0 New features! - Prompt to install missing system dependencies - Prompt to install build...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011076)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011076 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ena: fix shift-out-of-bounds in exponential backoff The ENA adapters on our instances...
SKYSEA Client View and SKYMEC IT Manager improper file access permission settings
Overview SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. are Enterprise IT Asset Management Tools. SKYSEA Client View and SKYMEC IT Manager contain the following vulnerability. Incorrect default permissions in the installation folder CWE-276 - CVE-2026-39454 Takashi Matsumoto of...
Linux Distros Unpatched Vulnerability : CVE-2026-35512
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation due to...
Fedora 42 : libpng15 (2026-4e514c1c36)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4e514c1c36 advisory. fix CVE-2026-25646: heap buffer overflow in png_set_quantize. Tenable has extracted the preceding description block directly from the Fedora security advisory...
[SECURITY] Fedora 44 Update: kf6-solid-6.25.0-1.fc44
Solid provides the following features for application developers: - Hardware Discovery - Power Management - Network Management...
[SECURITY] Fedora 44 Update: kf6-kitemmodels-6.25.0-1.fc44
KDE Frameworks 6 Tier 1 addon with item models...
[SECURITY] Fedora 44 Update: kf6-kcodecs-6.25.0-1.fc44
KDE Frameworks 6 Tier 1 addon with string manipulation methods...