Linux Distros Unpatched Vulnerability : CVE-2026-11177

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentiall...

Linux Distros Unpatched Vulnerability : CVE-2026-11267

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension ...

SUSE CVE-2026-49271

libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unitoffset + unitsize. Because the addition can wrap, a crafted HEIF file can pass the range check and then construct a vector...

CVE-2026-46264

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devmaddactionorreset failure the provided cleanup action will be run immediately on the not yet initialized kobject. This may lead to errors like: kobject: 'null' ff110001393608e0: i...

Linux Distros Unpatched Vulnerability : CVE-2026-28955

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe...

CVE-2026-5419

A flaw was found in gnutls. The PKCS7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of...

CVE-2026-37713

An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-al...

Linux Distros Unpatched Vulnerability : CVE-2026-44421

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP...

Linux Distros Unpatched Vulnerability : CVE-2026-9936

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in GFX in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform ...

Linux Distros Unpatched Vulnerability : CVE-2026-9964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute...

USN-8325-1: tgt vulnerability

It was discovered that tgt incorrectly tried to achieve entropy by calling rand without srand. An attacker could possibly use this issue to make tgt generate an identical sequence of challenges, resulting in authentication bypass...

CVE-2026-45968

cpuidle: Skip governor when only one idle state is available...

Linux Distros Unpatched Vulnerability : CVE-2026-45843

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - slip: bound decode reads against the compressed packet length slhcuncompress parses a VJ-compressed TCP header by advancing a pointer through the packet via...

CVE-2026-42015

A flaw was found in gnutls. An off-by-one error exists in the PKCS12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of...

CVE-2026-46597

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

CVE-2026-6841

Request Tracker is vulnerable to a reflected cross-site scripting XSS vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 up to 5.0....

CVE-2026-44066

Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or cause a minor service disruption...

CVE-2026-44062

A missing output length bounds check in pullcharsetflags in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character set data...

GHSA-65PC-FJ4G-8RJX vulnerabilities

Vulnerabilities for packages: kubeflow-katib, reflex, kubeflow-volumes-web-app, airflow, ggshield, httpie, confluent-docker-utils, superset, jupyter-base-notebook, kserve, jwt-tool, mlflow, open-webui, py3-pip, semgrep, tensorflow-cpu-jupyter, kubeflow-pipelines, datadog-agent,...

CVE-2026-45624

Unknown description...