EUVD-2026-36432

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...

EUVD-2026-36426

MobaXterm Personal Edition Portable, in its 26.3 version Build 5154, allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location during startup, an...

CVE-2026-44892

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the Http3ConnectionHandler in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify...

UBUNTU-CVE-2026-44892

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the Http3ConnectionHandler in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify...

CVE-2026-44892 Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the Http3ConnectionHandler in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify...

EUVD-2026-36386

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the Http3ConnectionHandler in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify...

CVE-2026-48613

SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated ...

Security Bulletin: Multiple vulnerabilities have been addressed in IBM Aspera Shares

Summary Multiple vulnerabilities have been addressed in IBM Aspera Shares Version 1.11.3 Vulnerability Details CVEID:CVE-2026-42245 DESCRIPTION: Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4,...

[SECURITY] Fedora 43 Update: kernel-7.0.12-101.fc43

The kernel meta package...

[SECURITY] Fedora 43 Update: vaultwarden-web-2026.4.1-1.fc43

Web vault for vaultwarden...

Fedora 43 : weasyprint (2026-2080c5c036)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2080c5c036 advisory. New upstream version which also includes a security update CVE-2026-49452. Tenable has extracted the preceding description block directly from the Fedora...

Adobe Substance 3D Sampler <= 6.0.0 Multiple Arbitrary Code Execution Vulnerabilities (APSB26-60)

The version of Adobe Substance 3D Sampler installed on the remote host is prior or equal to 6.0.0. It is, therefore, affected by multiple out-of-bounds write vulnerabilities as referenced in the APSB26-60 advisory. - Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bound...

PT-2026-48900

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.2.15.Final Description A memory exhaustion issue exists in the Netty HTTP/3 codec. This flaw allows for the creation of an infinite number of blocked streams, which can lead to an Out of Memory OOM error, resulting in...

PT-2026-48907

The Aqara IAM/SSO Gateway gw-builder.aqara.com used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 9.1 Critical. When combined with CVE-2026-50082, CVE-50084, a...

Linux Distros Unpatched Vulnerability : CVE-2026-48748

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in th...

EulerOS Virtualization 2.13.1 : python-requests (EulerOS-SA-2026-2388)

According to the versions of the python-requests packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a...

Fedora 45 : kubernetes1.33 (2026-05251d4863)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-05251d4863 advisory. Automatic update for kubernetes1.33-1.33.13-1.fc45. Changelog Fri Jun 12 2026 Bradley G Smith - 1.33.13-1 - Update to release 1.33.13 - Resolves: rhbz2467604...

Low Photon OS Security Update - PHSA-2026-4.0-1032

Updates of 'python3' packages of Photon OS have been released...

CVE-2026-45060

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 129, the actions/progressvideo.php endpoint is vulnerable to blind SQL injection. Any unauthenticated user can exploit the ids parameter to execute SQL queries and exfiltrate sensitive data. This issue has been patch...

CVE-2026-49482 ClipBucket: SQL Wildcard Injection in Subtitle Edit Endpoint Allows Mass Subtitle Overwrite

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters in the subtitle editing endpoint. An authenticated user can send a % character as the number parameter to overwrite all subtitle title...