19 matches found
RHEL 10 : systemd (RHSA-2026:18153)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18153 advisory. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive...
@backstage/plugin-catalog-backend-module-unprocessed (>=0.0.0-nightly-20240321021124 <=0.6.11-next.0), @backstage/plugin-catalog-unprocessed-entities (>=0.0.0-nightly-20251203024610 <=0.2.30-next.0) potentially affected by CVE-2026-44374 via @backstage/plugin-catalog-unprocessed-entities-common (>=0.0.0-nightly-20241116023418 <=0.0.15-next.0)
@backstage/plugin-catalog-unprocessed-entities-common NPM version =0.0.0-nightly-20241116023418, =0.0.0-nightly-20240321021124, =0.0.0-nightly-20251203024610, =0.2.30-next.0 Source cves: CVE-2026-44374 Source advisory: OSV:GHSA-P7G9-RP3G-MGFG...
Mozilla Thunderbird < 140.9.1
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.9.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-29 advisory. - Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and...
GO-2026-4668 zot’s create-only policy allows overwrite attempts of existing latest tag (update permission not required) in zotregistry.dev/zot
zot’s create-only policy allows overwrite attempts of existing latest tag (update permission not required) in zotregistry.dev/zot. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
Vim < 9.2.0074 Heap-based Buffer Overflow (GHSA-h4mf-vg97-hj8j)
The version of Vim installed on the remote host is prior to 9.2.0074. It is, therefore, affected by a vulnerability as referenced in the GHSA-h4mf-vg97-hj8j advisory. - Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exis...
GO-2026-4325 Mattermost is vulnerable to CPU exhaustion via crafted HTTP request in github.com/mattermost/mattermost-server
Mattermost is vulnerable to CPU exhaustion via crafted HTTP request in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...
abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +726 more potentially affected by CVE-2026-2635 via mlflow-skinny (>=2.6.0 <=3.9.0rc0)
mlflow-skinny PYPI version =2.6.0, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =1.1.0, =0.1.0, =0.20.9, =0.21.10 and more Source cves: CVE-2026-2635 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-16698156...
CVE-2026-1046
Mattermost Desktop App versions
0agent (>=1.0.1 <=1.1.5), 0dot (=0.6.0) +53280 more potentially affected by CVE-2025-59139 via hono (>=4.0.0 <=4.9.6)
hono NPM version =4.0.0, =1.0.1, =1.0.0, =0.1.0, =0.1.0, =0.1.6, =0.1.0, =1.0.0, =0.3.2, =0.1.0, =1.0.0, =1.0.1 and more Source cves: CVE-2025-59139 Source advisory: SNYK:JS-HONO-12668833...
Debian dla-4266 : distro-info-data - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4266 advisory. Debian LTS Advisory DLA-4266-1 https://www.debian.org/lts/security/...
Low: gimp
Issue Overview: GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1591/ NOTE: https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/fixed-vulnerabilities NOTE:...
1k-tasks (>=4.0.0 <=4.2.2), @adobe/helix-deploy (>=9.3.8 <=9.3.14) +214 more potentially affected by CVE-2024-47068 via rollup (>=4.0.2 <=4.22.2)
rollup NPM version =4.0.2, =4.0.0, =9.3.8, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =2.17.15, =1.9.12, =18.1.0, =18.1.0, =12.0.1, =12.0.1, =13.0.0 and more Source cves: CVE-2024-47068 Source advisory: OSV:GHSA-GCX4-MW62-G8WM...
UBUNTU-CVE-2022-46884
A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have led to memory corruption or a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after discovering it was inadvertently left...
CVE-2022-43558
REJECT DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used...
AZL-9890 CVE-2022-27781 affecting package curl for versions less than 7.83.1-1
libcurl provides the CURLOPT_CERTINFO option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information...
CVE-2022-26620
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +1353 more potentially affected by CVE-2021-29556 via tensorflow (>=1.0.1 <=2.1.2)
tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =0.0.6, =0.1.0, =0.0.1, =1.1.2, =0.0.1, =2.0.0, =0.3.26, =0.2.1, =7.13.1, =0.0.1, =0.0.2 and more Source cves: CVE-2021-29556 Source advisory: OSV:GHSA-FXQH-CFJM-FP93...
@achil/parcel-bundler (>=1.11.1 <=1.12.34), @acies/core (>=1.2.89 <=1.2.215) +134 more potentially affected by unknown CVE via safer-eval (>=1.2.3 <=1.3.6)
safer-eval NPM version =1.2.3, =1.11.1, =1.2.89, =0.1.0, =4.0.0, =4.1.0, =4.1.2, =0.9.2-pre.41, =2.0.2, =1.0.0, =1.9.3, =0.3.0, =1.12.3, =1.0.0, =0.0.1, =3.4.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-876R-HJ45-FW7G...
trytond-account (>=4.0.2 <=4.2.11), trytond-account-asset (>=4.0.2 <=4.2.3) +99 more potentially affected by CVE-2017-0360 via trytond (>=4.0.20 <=4.2.22)
trytond PYPI version =4.0.20, =4.0.2, =4.0.2, =4.0.2, =4.0.2, =4.0.2, =4.2.0, =4.2.1 and more Source cves: CVE-2017-0360 Source advisory: OSV:PYSEC-2017-97...