1246 matches found
TinaCMS - Path Traversal
TinaCMS CLI 2.1.8 contains a file system read vulnerability caused by disabled Vite server.fs.strict setting, letting unauthenticated attackers read arbitrary files on the host system, exploit requires access to the dev server. id: CVE-2026-29066 info: name: TinaCMS - Path Traversal author:...
ROOT-OS-DEBIAN-13-CVE-2026-43309 CVE-2026-43309 in rootio-linux - Patched by Root
Root has patched CVE-2026-43309 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
CVE-2026-38974
Dulwich through 1.1.0 was found to be missing SSH host key verification in contrib/paramikovendor.py...
ROOT-OS-UBUNTU-2404-CVE-2026-53157 CVE-2026-53157 in rootio-linux - Patched by Root
Root has patched CVE-2026-53157 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2204-CVE-2026-45956 CVE-2026-45956 in rootio-linux - Patched by Root
Root has patched CVE-2026-45956 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.22.5 bug fix and security update
Red Hat OpenShift Container Platform release 4.22.5 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.22. Red Hat Product Security has rated this update as having a...
CVE-2026-10103
Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to verify post ownership in the shared channel inbound sync handler, which allows an authenticated remote cluster to modify or delete posts authored by local users or other remotes via crafted sync messages referencing...
CVE-2026-10106
Mattermost vulnerable versions: 11.7.x ≤ 11.7.2, 11.6.x ≤ 11.6.4, and 10.11.x ≤ 10.11.19. The issue stems from failing to verify that the channel referenced in an action cookie matches the target post’s channel, enabling an authenticated user without access to a private channel to trigger interac...
AlmaLinux 8 : xorg-x11-server-Xwayland (ALSA-2026:38488)
The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:38488 advisory. xorg: X11: xserver: X.org: glamor Font Atlas Heap Buffer Overflow CVE-2026-55999 Tenable has extracted the preceding description block directly from the AlmaLinux...
RHSA-2026:37535 Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
Bulletin has no description...
RHSA-2026:37469 Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
Bulletin has no description...
Fedora 44 : perl-DBI (2026-9fdda5018f)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-9fdda5018f advisory. 1.650 bump - Fix CVE-2026-14739, CVE-2026-14740 and CVE-2026-14380 Tenable has extracted the preceding description block directly from the Fedora...
SUSE SLED15 / SLES15 Security Update : go1.25 (SUSE-SU-2026:2817-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2817-1 advisory. This update for go1.25 fixes the following issues - Update to version go1.25.12 bsc1244485. - CVE-2026-25679:...
RHSA-2026:36796 Red Hat Security Advisory: Red Hat Edge Manager Version 1.0.3 Security Update
Bulletin has no description...
AlmaLinux 8 : gstreamer1-plugins-bad-free (ALSA-2026:37130)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:37130 advisory. gstreamer1-plugins-bad-free: GStreamer: Heap buffer overflow via crafted VNC server rectangle in librfb CVE-2026-52720 gstreamer1-plugins-bad-free:...
AlmaLinux 8 : gstreamer1-plugins-good (ALSA-2026:36774)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:36774 advisory. gstreamer1-plugins-good: GStreamer: Heap buffer overflow in WavPack decoder via integer overflow CVE-2026-53705 Tenable has extracted the preceding description...
UBUNTU-CVE-2026-59948
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than Packagist.org or Private Packagist can cause Composer to write attacker-controlled files outside the vendor directory and outside the project...
DEBIAN-CVE-2026-50812
A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can supply a malformed changeset blob to cause a denial of service. The issue occurs when sqlite3changesetapplyv3 applies a corrupt changeset...
RHSA-2026:36366 Red Hat Security Advisory: kernel security update
Bulletin has no description...
DEBIAN-CVE-2026-60002
ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. This outcome occurs only on the client side...