Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 - React2Shell Pre-authentication RCE in Reac...

Linux Distros Unpatched Vulnerability : CVE-2026-9746

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no...

GHSA-V446-XWFM-X7MR vulnerabilities

Vulnerabilities for packages: libcrypto3-2.34, openssl...

Linux Distros Unpatched Vulnerability : CVE-2026-44582

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be...

@accounter/client (>=0.0.3 <=0.0.12-alpha-20260421081155-bb6cc4c0b0b59fff41df172e2f4212eca6906193), @appigram/react-code-split-ssr (=1.3.7) +157 more potentially affected by CVE-2026-40181 via react-router (>=7.0.0 <=7.14.0)

react-router NPM version =7.0.0, =0.0.3, =0.0.2, =3.5.2, =1.1.0, =1.0.1-MON-198808-web-js-deps-batch-1.0, =0.0.1, =3.4.9, =0.1.9, =0.3.1, =0.5.1 and more Source cves: CVE-2026-40181 Source advisory: SNYK:JS-REACTROUTER-17138887...

Linux Distros Unpatched Vulnerability : CVE-2026-9878

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-9969

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

Linux Distros Unpatched Vulnerability : CVE-2026-8542

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially...

azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +15 more potentially affected by CVE-2026-2393 via mlflow-skinny (>=3.0.0 <=3.0.1)

mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =3.0.0, =0.1.0, =0.1.4 and more Source cves: CVE-2026-2393 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-16642072...

@aiconnect/codelets-runner (>=0.1.0 <=0.2.0), @cairncms/api (>=1.0.0-beta.1 <=1.0.0-beta.4) +16 more potentially affected by CVE-2026-44001 via vm2 (>=3.0.0 <=3.10.5)

vm2 NPM version =3.0.0, =0.1.0, =1.0.0-beta.1, =3.0.46, =1.0.0-beta.1, =0.1.64, =0.1.61, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.72.1 and more Source cves: CVE-2026-44001 Source advisory: SNYK:JS-VM2-16438945...

ac-solver (=0.1.0), acedeploy (>=2.4.15 <=2.4.342) +910 more potentially affected by CVE-2026-44243 via gitpython (>=0.3.4 <=3.1.47)

gitpython PYPI version =0.3.4, =2.4.15, =2025.10.17, =0.4.0, =0.4.0, =0.0.5, =1.2.3, =0.4.7, =0.4.7, =0.2.0, =1.0.3, =0.1.8, =0.87.2.dev9, =0.5.0, =0.86.1 and more Source cves: CVE-2026-44243 Source advisory: OSV:GHSA-7545-FCXQ-7J24...

Linux Distros Unpatched Vulnerability : CVE-2026-6531

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SANE protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVE-2026-6531 Note that Nessus relies on the...

io.crossplane.compositefunctions:crossplane-function-example (>=1.20-alpha <=2.0.5), io.crossplane.compositefunctions:crossplane-function-springboot-starter (>=1.20-alpha <=2.0.5) +19 more potentially affected by CVE-2026-40968 via org.springframework.grpc:spring-grpc-core (>=1.0.0-RC1 <=1.0.2)

org.springframework.grpc:spring-grpc-core MAVEN version =1.0.0-RC1, =1.20-alpha, =1.20-alpha, =2026.01, =0.8.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =1.0.0, =1.0.0, =1.0.2 - org.springframew...

@armenak/aa (=1.0.1), @armenak/ui-kit (>=1.0.0 <=1.0.5) +73 more potentially affected by CVE-2026-41691 via i18next-http-backend (>=3.0.1 <=3.0.4)

i18next-http-backend NPM version =3.0.1, =1.0.0, =1.0.2, =3.12.2-pre.0a3e0d524e, =3.2.9, =3.2.9, =10.0.0, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =3.42.3, =3.8.2, =3.7.3, =3.7.11 - @eternal-baguette/sample-component =0.0.3 and more Source cves: CVE-2026-41691 Source advisory:...

Linux Distros Unpatched Vulnerability : CVE-2026-31480

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tracing: Fix potential deadlock in cpu hotplug with osnoise The following sequence may leads deadlock in cpu hotplug: task1 task2 task3 ----- ----- -----...

net.enilink.platform:net.enilink.platform.web (=1.6.0), org.webjars.npm:formio__core (=2.6.0) +1 more potentially affected by CVE-2026-41238 via org.webjars.npm:dompurify (>=3.1.7 <=3.3.0)

org.webjars.npm:dompurify MAVEN version =3.1.7, =0.54.0, =0.55.1 Source cves: CVE-2026-41238 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16132235...