623 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-12446
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in Passwords. CVE-2026-12446 Note that Nessus relies on the presence of the package as reported by the vendor. ...
CVE-2026-10825
A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot...
BIT-GITLAB-2026-9204 Server-Side Request Forgery (SSRF) in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to read arbitrary files from the Gitaly server and access internal network resources...
EUVD-2026-36365
Due to incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager PSM versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletin: CA26-17 and CA26-1...
CVE-2026-45171 Idira Privileged Session Manager (PSM): Potential Code Execution due to an Incomplete Input Validation
Due to incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager PSM versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletin: CA26-17 and CA26-1...
CVE-2026-45172 Idira Privileged Session Manager for SSH (PSMP): Arbitrary Command Execution via Improper Neutralization of Special Elements used in an OS Command
Due to incomplete input validation in Idira Privileged Session Manager for SSH PSMP versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18...
CVE-2026-45642
Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack...
ROS-20260610-73-0019
The vulnerabilities in Mozilla Firefox, Firefox ESR, and the Thunderbird email client are related to insufficient validation of input data. Exploiting these vulnerabilities can allow an attacker to compromise the confidentiality, integrity, and availability of protected information...
CVE-2026-0417 Insufficient input validation in certain NETGEAR routers
Insufficient input validation vulnerability in the listed NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity...
USN-8411-1 node-lodash vulnerabilities
It was discovered that Lodash was vulnerable to a prototype pollution issue in the zipObjectDeep function. An attacker could possibly use this issue to modify application behavior. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-8203 Liyuan Chen discovered that Lodash was...
Multiple NETGEAR products: input validation error vulnerability
NETGEAR RAX120 and other wireless routers are products of NETGEAR Corporation. Several NETGEAR products have a vulnerability related to input validation errors. This vulnerability stems from insufficient authentication and input validation, which may allow users with local network access to execu...
OpenSSL security vulnerability
OpenSSL is an open-source encryption library developed by the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure has...
CVE-2025-24819
Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of an input parameter on the file system in the Software Manager application...
ROS-20260605-73-0056
The vulnerabilities in Mozilla Firefox, Firefox ESR, and the Thunderbird email client are related to insufficient validation of input data. Exploiting these vulnerabilities can allow an attacker to compromise the confidentiality, integrity, and availability of protected information...
SAMSUNG Plus TV security vulnerability
SAMSUNG Plus TV is a free advertising-supported streaming television platform developed by South Korea’s Samsung Corporation. Versions of SAMSUNG Plus TV prior to 1.0.28.6 contained security vulnerabilities, which were caused by improper input validation. These vulnerabilities could allow remote...
CVE-2026-11031
Insufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. Chromium security severity: Medium...
CVE-2026-35081
The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...
EUVD-2026-34074
The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
CVE-2026-35078 Arbitrary file delete vulnerability in method ugw-logstop
The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
EUVD-2026-34073
The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...