EUVD-2026-34164

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the Workflow, Form block, and File/Set components that lack the allowedclasses restriction. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been...

CVE-2026-42502 affecting package kubernetes for versions less than 1.30.10-25

CVE-2026-42502 affecting package kubernetes for versions less than 1.30.10-25. A patched version of the package is available...

CVE-2026-40547

SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files previously added through the backup functionality. Critically, due to CVE-2026-40543 Missing...

PT-2026-45357

SOPlanning is vulnerable to Stored Cross-Site Scripting XSS via /process/upload backup endpoint. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a malicious user.csv file with embedded JavaScript. The injected code is executed in the...

CVE-2026-39829 affecting package cert-manager for versions less than 1.12.15-8

CVE-2026-39829 affecting package cert-manager for versions less than 1.12.15-8. A patched version of the package is available...

CVE-2026-42506 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6

CVE-2026-42506 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6. A patched version of the package is available...

CVE-2026-39828 affecting package packer for versions less than 1.9.5-14

CVE-2026-39828 affecting package packer for versions less than 1.9.5-14. A patched version of the package is available...

CVE-2026-39821 affecting package docker-compose for versions less than 2.27.0-11

CVE-2026-39821 affecting package docker-compose for versions less than 2.27.0-11. A patched version of the package is available...

CVE-2026-39821 affecting package skopeo for versions less than 1.14.4-11

CVE-2026-39821 affecting package skopeo for versions less than 1.14.4-11. A patched version of the package is available...

GitLab 17.1 < 18.10.7 / 18.11 < 18.11.4 / 19.0 < 19.0.1 (CVE-2026-1402)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Allocation of Resources Without Limits or Throttling in GitLab CVE-2026-1402 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version numbe...

NPM: md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed)

NPM: md-fileserver: Stored/Reflected XSS when viewing Markdown raw HTML allowed vulnerability discovered by ? in WordPress Npm md-fileserver versions 1.10.3...

Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy

...

Astra Linux - уязвимость в firefox

Memory safety bugs exist in Firefox 114. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions prior to 115...

CVE-2026-46333 affecting package kernel for versions less than 6.6.139.1-1

CVE-2026-46333 affecting package kernel for versions less than 6.6.139.1-1. A patched version of the package is available...

CVE-2026-45942 affecting package kernel for versions less than 6.6.139.1-1

CVE-2026-45942 affecting package kernel for versions less than 6.6.139.1-1. A patched version of the package is available...

CVE-2024-38635 affecting package kernel for versions less than 6.6.139.1-1

CVE-2024-38635 affecting package kernel for versions less than 6.6.139.1-1. A patched version of the package is available...

CVE-2026-41602 affecting package telegraf for versions less than 1.31.0-20

CVE-2026-41602 affecting package telegraf for versions less than 1.31.0-20. A patched version of the package is available...

CVE-2026-6473 affecting package postgresql for versions less than 16.14-1

CVE-2026-6473 affecting package postgresql for versions less than 16.14-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-44898 affecting package python-mistune for versions less than 3.2.1-1

CVE-2026-44898 affecting package python-mistune for versions less than 3.2.1-1. A patched version of the package is available...

CVE-2026-35469 affecting package docker-buildx for versions less than 0.14.0-12

CVE-2026-35469 affecting package docker-buildx for versions less than 0.14.0-12. A patched version of the package is available...