EulerOS 2.0 SP13 : openjpeg2 (EulerOS-SA-2026-2347)

According to the versions of the openjpeg2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opjpiinitialiseencode in the library...

VulnCheck KEV: CVE-2026-10795

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlusRemoteCommunicationsV2::wploaded function. This is due to insufficient validation of the remote communications message format,...

PT-2026-48506

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Fission Function admission webhook pkg/webhook/function.go validated that spec.secrets.namespace and spec.configmaps.namespace...

PT-2026-48417

Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge function during the variable merging pass. Attackers can trigger this vulnerability by crafting a binary that causes stale pointers in the HighIntersectTest::highedgemap cache to be dereference...

EulerOS 2.0 SP13 : libssh (EulerOS-SA-2026-2342)

According to the versions of the libssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftpextensionsgetname/sftpextensionsgetdata of the fil...

PT-2026-48542

Overview Litestar instances which use a template engine in conjunction with CSRF protection are vulnerable to HTML Injection which can be escalated to Cross Site Scripting due to the contents of the CSRF cookie being excluded from automatic escaping by the template engine when configured inline...

PT-2026-48375

Name of the Vulnerable Software and Affected Versions ansible.posix affected versions not specified Description A local privilege escalation issue exists in the authorized key module. The keyfile function utilizes os.chown instead of os.lchown and opens files without the O NOFOLLOW flag when...

PT-2026-48469

Summary Stack-based Buffer Overflow vulnerability in Erlang OTP erl interface allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erl interface/src/misc/ei printterm.c and program routine ei s print term. The C function ei s print term uses an internal...

PT-2026-48530

Name of the Vulnerable Software and Affected Versions kafka-python versions prior to 2.3.2 Description A denial-of-service issue exists in the protocol parser. A malicious broker or machine-in-the-middle attacker can exhaust memory or hang connections by sending a crafted 4-byte frame length valu...

Linux Distros Unpatched Vulnerability : CVE-2025-55658

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gfopusparsepacketheader function mediatools/avparsers.c. bThis vulnerability allows...

Linux Distros Unpatched Vulnerability : CVE-2025-55651

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference in the gfisomgetuserdatacount function isomedia/isomread.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via...

Linux Distros Unpatched Vulnerability : CVE-2026-45446

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty...

EulerOS 2.0 SP13 : sqlite (EulerOS-SA-2026-2357)

According to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain...

ROS-20260610-73-0039

The vulnerability of the driveprocessirpread function in the RDP client FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure...

ROS-20260610-73-0040

The vulnerability of the driveprocessirpread function in the RDP client FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure...

ROS-20260610-73-0043

The vulnerability of the smartcardunpacksetattribcall function in the RDP client FreeRDP is related to the execution of operations outside the buffer in memory, resulting from an incorrect validation of input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary...

EulerOS 2.0 SP13 : libtiff (EulerOS-SA-2026-2343)

According to the versions of the libtiff packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile...

EulerOS 2.0 SP13 : vim (EulerOS-SA-2026-2361)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob function on...

EulerOS 2.0 SP13 : python-pip (EulerOS-SA-2026-2310)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when...

PT-2026-48520

Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol and extensions such as dogstatsd allow mutiple metrics,separated by newlines, to be sent per packet. Metrics::Any::Adapter::DogStatsd which extends...