PT-2026-48724
Name of the Vulnerable Software and Affected Versions: GStreamer (affected versions not specified). Description: An out-of-bounds write occurs in the H.266/VVC PPS picture partition parser within the gst-plugins-bad component. In the multi-slice-in-tile processing of the gst h266 parser parse picture...
MIT krb5 Numeric Error Vulnerability
MIT krb5 is a network authentication protocol developed by the Massachusetts Institute of Technology in the United States. It operates on a client/server architecture, and both the client and server can perform identity authentication (i.e., double verification), which helps prevent eavesdropping a...
KanaDojo Security Vulnerability
KanaDojo is an attractive and customizable Japanese learning platform developed by lingdojo. Versions of KanaDojo prior to 0.18.0 contained security vulnerabilities. These vulnerabilities were caused by sandbox escape attacks, allowing attackers to execute arbitrary code by passing the global...
ROS-20260611-73-0016
The vulnerability in the clear_decompress_bands_data function of the FreeRDP RDP client is related to a buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause service failures...
PT-2026-48720
Name of the Vulnerable Software and Affected Versions: KanaDojo (affected versions not specified). Description: A command injection issue exists where an attacker with pull request access can execute arbitrary shell commands. This occurs when shell metacharacters are inserted into the version or chang...
PT-2026-48636
An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The function performs an unsigned subtraction bv_len - 2 without a prior bounds check. When bv_len is 0 or 1, the subtraction wraps to a large value which is...
OpenClaw Security Vulnerability
OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.24 contained security vulnerabilities. These vulnerabilities stemmed from an authorization bypass issue in the MCP loopback function, allowing unauthorized users to circumvent t...
OpenClaw Code Issue Vulnerability
OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.18 had code vulnerabilities. These vulnerabilities stemmed from server-side request forgery issues in browser control, allowing authenticated users to bypass private network...
gatus Security Vulnerability
Gatus is a service health monitoring and alerting tool developed by the individual developer TwiN. Version 5.36.0 of Gatus contains a security vulnerability. This vulnerability stems from the setSessionCookie function in the OIDC session cookie handler. Performing certain operations may result in...
ROS-20260611-73-0006
The vulnerability in the planar_decompress_plane_rle function of the FreeRDP RDP client is related to a buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause service failure...
PT-2026-48638
Name of the Vulnerable Software and Affected Versions: vLLM versions 0.8.0 and later. Description: An Out-of-Memory (OOM) Denial of Service (DoS) issue exists due to unbounded frame count processing in the VideoMediaIO.load_base64 function. When processing video/jpeg data URLs, the system splits the...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Lodash vulnerabilities (USN-8411-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8411-1 advisory. It was discovered that Lodash was vulnerable to a prototype pollution issue in the...
aioHTTP < 3.14.0 Multiple Vulnerabilities
The version of aioHTTP installed on the remote host is prior to 3.14.0. It is, therefore, affected by multiple vulnerabilities: - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2026-49760
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack-based Buffer Overflow vulnerability in Erlang OTP erl_interface allows Stack-based Buffer Overflow. This vulnerability is associated with program file...
Linux Distros Unpatched Vulnerability : CVE-2026-52859
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to version 9.2.0565, the update_snapshot function in src/terminal.c copies the visible terminal screen int...
Linux Distros Unpatched Vulnerability : CVE-2025-55657
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference in the gf_odf_vvc_cfg_write_bs function in odf/descriptors.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via...
Linux Distros Unpatched Vulnerability : CVE-2025-52292
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stack buffer overflow in the filein_process function in in_file.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4...
Linux Distros Unpatched Vulnerability : CVE-2026-48860
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inet_tls_dist module allows unauthenticated bypass of the distribution-over-TLS LAN...
Linux Distros Unpatched Vulnerability : CVE-2026-44489
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge (e.g., config.proxy) are sti...
Linux Distros Unpatched Vulnerability : CVE-2026-49759
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack-based Buffer Overflow vulnerability in Erlang OTP erts inet_drv allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP...