YITH WooCommerce Ajax Search <= 2.4.0 - Cross-Site Scripting

The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'queryString' parameter in the REST API endpoint /ywcas/v1/register in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. id: CVE-2024-4455 info...

Important: kernel-livepatch-6.1.168-202.320

Issue Overview: PinTheft is a Linux local privilege escalation exploit for an RDS zerocopy double-free that can be turned into a page-cache overwrite through iouring fixed buffers. Affected Packages: kernel-livepatch-6.1.168-202.320 Issue Correction: Please ensure you have live patching enabled...

PT-2026-42425

Name of the Vulnerable Software and Affected Versions Netatalk versions 3.0.0 through 4.4.2 Description An integer underflow occurs in the volxlate function. This allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption by providing...

PT-2026-42410

Name of the Vulnerable Software and Affected Versions Netatalk versions 1.5.0 through 4.2.2 Description The DHCAST128 UAM User Authentication Module uses a broken cryptographic algorithm. This allows a remote attacker to perform a cryptanalytic attack to obtain authentication credentials or...

ISC BIND 9.11.0 < 9.18.49 / 9.11.3-S1 < 9.18.49-S1 / 9.18.0 < 9.18.49 / 9.18.11-S1 < 9.18.49-S1 / 9.20.0 < 9.20.23 / 9.20.9-S1 < 9.20.23-S1 / 9.21.0 < 9.21.22 Assertion Failure (cve-2026-5946)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2026-5946 advisory. - Multiple flaws have been identified in named related to the handling of DNS messages whose CLASS is not Internet IN for...

PT-2026-41151

Name of the Vulnerable Software and Affected Versions go-billy versions prior to 5.9.0 Description Multiple path traversal issues exist across different components of the software due to insufficient path sanitization and boundary enforcement. This allows crafted paths, such as those using .., to...

Security Bulletin: Multiple security vulnerabilities affecting IBM Knowledge Catalog for IBM Cloud Pak for Data

Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed and customers should update to the recommended version of the product at the earliest opportunity. Vulnerability Details CVEID:CVE-2025-46392 DESCRIPTION...

Siemens Ruggedcom Rox

SUMMARY Ruggedcom Rox contains an input validation vulnerability in the feature key installation process that could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system. Siemens has released new versions for the affected...

Siemens Ruggedcom Rox

SUMMARY Ruggedcom Rox before v2.17.1 contain multiple third-party vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends to protect network...

PT-2026-40439

Name of the Vulnerable Software and Affected Versions DNS Cluster affected versions not specified Description SSL verification is disabled in the DNS Cluster system. This allows a malicious server to perform a man-in-the-middle attack, which is a technique where an attacker intercepts communicati...

Low: atop

Issue Overview: atop through 2.11.0 allows local users to cause a denial of service e.g., assertion failure and application exit or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop. CVE-2025-31160 Affected Packages: atop...

Oracle Linux 10 : python-tornado (ELSA-2026-13641)

The remote Oracle Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-13641 advisory. 6.5.5-1.1 - Update to 6.5.5 Resolves: RHEL-160934 Tenable has extracted the preceding description block directly from the Oracle Linux security...

PT-2026-37147

Name of the Vulnerable Software and Affected Versions Admidio versions prior to 5.0.9 Description Several administrative operations within the preferences module are executed via GET requests without CSRF token validation. This allows an attacker to force an authenticated administrator to trigger...

Debian dla-4525 : libyaml-syck-perl - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4525 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4525-1 [email protected]...

PT-2026-33509

Name of the Vulnerable Software and Affected Versions xrdp versions prior to 0.10.6 Description An open source RDP server contains a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation. This occurs due to insufficient validation of client-controlled size...

Siemens SCALANCE

SUMMARY SCALANCE W-700 IEEE 802.11n family before V6.6.0 are affected by multiple vulnerabilities. Siemens has released a new version for SCALANCE W-700 IEEE 802.11n family and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly...

Medium: amazon-ecr-credential-helper

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

CVE-2026-6108 1Panel-dev MaxKB Model Context Protocol Node base_mcp_node.py execute os command injection

A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/stepnode/mcpnode/impl/basemcpnode.py of the component Model Context Protocol Node. Performing a manipulation results in os command injection. The attack is...

SUSE SLES12 Security Update : python-PyJWT (SUSE-SU-2026:1199-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1199-1 advisory. - CVE-2026-32597: Fixed unknown crit header extensions accepts bsc1259616. Tenable has extracted the preceding description block directly fr...

Debian dla-4514 : gir1.2-gst-plugins-base-1.0 - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4514 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4514-1 [email protected] https://www.debian.org/lts/security/...