Huawei EulerOS: Security Advisory for glib2 (EulerOS-SA-2026-1390)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2026-e67a6f9c45)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: Red Hat Security Advisory: kpatch-patch-5_14_0-570_17_1, kpatch-patch-5_14_0-570_39_1, and kpatch-patch-5_14_0-570_66_1 security update

An update for multiple packages is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVE-2025-13673

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'couponcode' parameter in all versions up to, and including, 3.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

📄 NFR Agent SRS Record 1.0.4.3 PHP Code Injection

Proof of concept code injection exploit for NFR Agent SRS Record version 1.0.4.3. This is for an older finding from 2012. ============================================================================================================================================= | Title : NFR Agent SRS Record...

CVE-2026-21242

creationtimestamp| type| source ---|---|--- 2026-02-10 17:30:28+00:00| seen| https://www.thezdi.com/blog/2026/2/10/the-february-2026-security-update-review 2026-02-10 18:01:45+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2026-0053...

CVE-2026-2259

A vulnerability has been found in aardappel lobster up to 2025.4. Affected by this issue is the function lobster::Parser::ParseStatements in the library dev/src/lobster/parser.h of the component Parsing. The manipulation leads to memory corruption. The attack can only be performed from a local...

EUVD-2026-3973

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kriesi Enfold enfold allows DOM-Based XSS.This issue affects Enfold: from n/a through = 7.1.3...

MiracleLinux 8 : rsync-3.1.3-19.el8 (AXSA:2022-4191:08)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4191:08 advisory. zlib: heap-based buffer over-read and overflow in inflate in inflate.c via a large gzip header extra field CVE-2022-37434 Tenable has extracted the preceding...

EUVD-2026-2132

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally...

EUVD-2026-2199

Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally...

CVE-2026-21678

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buffer-overflow vulnerability in IccTagXml. This issue has been patched in version 2.3.1.2...

CVE-2022-50772

In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix memory leak in nsimbusdevnew If deviceregister failed in nsimbusdevnew, the value of reference in nsimbusdev-dev is 1. obj-name in nsimbusdev-dev will not be released. unreferenced object 0xffff88810352c480 size 16...

CVE-2022-50755

In the Linux kernel, the following vulnerability has been resolved: udf: Avoid double brelse in udfrename syzbot reported a warning like below 1: VFS: brelse: Trying to free free buffer WARNING: CPU: 2 PID: 7301 at fs/buffer.c:1145 brelse+0x67/0xa0 ... Call Trace: invalidatebhlru+0x99/0x150...

PT-2025-52975

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s DRM/MSM/HDMI subsystem. Specifically, a missing check for the return value of alloc ordered workqueue can lead to a NULL pointer dereference in hdmi...

PT-2025-53400

CVE-2025-48863 - Apache HTTP Server Cross-Site Scripting CVE ID : CVE-2025-48863 Published : Dec. 23, 2025, 4:16 p.m. | 2 hours, 43 minutes ago Description : Rejected reason: This CVE id was assigned but later discarded. Severity: 0.0 | NA Visit the link for more details, such as CVSS details,...

CVE-2025-14727

CVE-2025-14727 affects the NGINX Ingress Controller due to improper validation of the nginx.org/rewrite-target annotation, enabling a path traversal style issue. The F5 advisory notes that the vulnerability is present in the 5.x line (5.3.0) and fixes were introduced in 5.3.1; other branches have...

Zoom Rooms < 6.6.0 Vulnerability (ZSB-25051)

The version of Zoom Rooms installed on the remote host is prior to 6.6.0. It is, therefore, affected by a vulnerability as referenced in the ZSB-25051 advisory. - External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a...

Exploit for Deserialization of Untrusted Data in Facebook React

$$\ $$\ $$$$$$$\ $$\ $$\ $$$$$$$$\ $$\ $...

firefox: thunderbird: Mitigation bypass in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Core & HTML component...