Linux Distros Unpatched Vulnerability : CVE-2026-45135
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transport's splitPos in...
Astra Linux – Vulnerability in Firefox, Thunderbird
An attacker could have placed a datalist element to obscure the address bar. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...
Astra Linux – Vulnerability in GIMP
GIMP ICO File Parsing: Integer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a...
Security Bulletin: Aspera Applications are affected by an OpenSSL vulnerability (CVE-2016-8610)
Security Bulletin: Aspera Applications are affected by an OpenSSL vulnerability CVE-2016-8610. Product: IBM Aspera. Platform: Platform Independent...
CVE-2026-50643
8cc is vulnerable to an Out‑of‑Bounds Read due to improper handling of line directives and GNU linemarkers. The compiler accepts attacker-controlled filename and line number metadata and later uses it without validation when accessing source line arrays. By supplying invalid or oversized line...
mysql: JSON unspecified vulnerability (CPU Apr 2026)
Oracle CPU describes the issue as follows: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: JSON. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access v...
Exploit for CVE-2026-42945
CVE-2026-42945 NGINX Rift RCE PoC with Reverse Shell Remote...
Linux Distros Unpatched Vulnerability : CVE-2026-45490
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper authorization in .NET allows an authorized attacker to elevate privileges locally. CVE-2026-45490 Note that Nessus relies on the presence of the packag...
CVE-2026-47946
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
CVE-2026-48576 Secure Boot Security Feature Bypass Vulnerability
Exploit for Stack-based Buffer Overflow in Microsoft
CVE-2026-41089 !TIP If the setup does not start, add t...
CVE-2026-41841 Spring Framework Information Disclosure via Static Resource Cache in Spring MVC and WebFlux
Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...
CLEANSTART-2026-JV06428 Security fixes for CVE-2025-15558, CVE-2025-61729, CVE-2026-23831, CVE-2026-23991, CVE-2026-23992, CVE-2026-24051, CVE-2026-24137, CVE-2026-25679, CVE-2026-26958, CVE-2026-27142, CVE-2026-33186, CVE-2026-33211, ghsa-273p-m2cw-6833, ghsa-4c4x-jm2x-pf9j, ghsa-4qg8-fj49-pxjh, ghsa-846p-jg2w-w324, ghsa-f83f-xpx7-ffpw, ghsa-fcv2-xgw5-pqxf, ghsa-fphv-w9fq-2525, ghsa-jqc5-w2xx-5vq4, ghsa-mqqf-5wvp-8fh8 applied in versions: 0.43.0-r0, 0.43.0-r1, 0.43.0-r2, 0.43.0-r3, 0.43.0-r4
Multiple security vulnerabilities affect the tkn-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-MX76059 Security fixes for CVE-2026-33870, CVE-2026-33871, CVE-2026-41417, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42586, CVE-2026-42587, CVE-2026-44248, ghsa-25qh-j22f-pwp8, ghsa-389x-839f-4rhx, ghsa-38f8-5428-x5cv, ghsa-3p8m-j85q-pgmj, ghsa-45q3-82m4-75jr, ghsa-4g8c-wm8x-jfhw, ghsa-57rv-r2g8-2cj3, ghsa-5jpm-x58v-624v, ghsa-84h7-rjj3-6jx4, ghsa-cm33-6792-r9fm, ghsa-f6hv-jmp6-3vwv, ghsa-fghv-69vj-qj49, ghsa-jfg9-48mv-9qgx, ghsa-jq43-27x9-3v86, ghsa-m4cv-j2px-7723, ghsa-mj4r-2hfc-f8p6, ghsa-pwqr-wmgm-9rr8, ghsa-qqpg-mvqg-649v, ghsa-rgrr-p7gp-5xj7, ghsa-v8h7-rr48-vmmv, ghsa-w9fj-cfpg-grvv, ghsa-xq3w-v528-46rv, ghsa-xxqh-mfjm-7mv9 applied in versions: 0.1.109-r0, 0.1.113-r1, 0.1.118-r2
Multiple security vulnerabilities affect the management-api-for-apache-cassandra-5.0 package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-9881 vulnerabilities
Vulnerabilities for packages: chromium...
Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories
A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic's own action repo used the same workflow, a working attack could have pushed...
CVE-2026-39821 vulnerabilities
Vulnerabilities for packages: nifikop-fips, terragrunt, wolfictl, postgres-operator-fips, helm-fips, portieris-fips, kwok, aws-otel-collector-fips, kubernetes-dashboard-api-fips, authentik-fips, knative-kafka-broker, stern, gitaly, kubernetes-fips, cilium-envoy-fips, kuberay-apiserver,...
cockpit security update
An update is available for cockpit. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Cockpit enables users to administer GNU/Linux servers using a web browser. I...
CVE-2026-4104 SQLi in Akmer Informatics' TeknoPass
Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection. This issue affects TeknoPass: from 20210501 through 20260429...
CVE-2026-36175
Technical details enabling exploitation are not publicly available in the provided documents. The GNCC GP5 U-Boot vulnerability description is repeated across sources; monitor for updated advisories or technical specifics.