120739 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m. | 0 views

MiracleLinux 8 : webkit2gtk3-2.30.4-3.el8 (AXSA:2021-2522:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2522:01 advisory. webkitgtk: Use-after-free leading to arbitrary code execution CVE-2021-30858 Tenable has extracted the preceding description block directly from the...

8.8 CVSS | 7.2 AI score | 0.13486 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 7 views

MiracleLinux 8 : webkit2gtk3-2.38.5-1.el8.5.ML.1 (AXSA:2023-6246:16)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6246:16 advisory. webkitgtk: memory corruption issue leading to arbitrary code execution CVE-2023-32435 webkitgtk: type confusion issue leading to arbitrary code...

8.8 CVSS | 9.3 AI score | 0.23788 EPSS
Exploits 1 | References 3

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 8 : expat-2.2.5-4.el8.3 (AXSA:2022-3114:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3114:01 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution CVE-2022-25235 expat: Namespace-separator characters in...

9.8 CVSS | 8.4 AI score | 0.33936 EPSS
Exploits 3 | References 13

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 9 : webkit2gtk3-2.40.5-1.el9 (AXSA:2023-6828:17)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6828:17 advisory. webkitgtk: arbitrary code execution CVE-2023-32393 webkitgtk: bypass Same Origin Policy CVE-2023-38572 webkitgtk: Processing web content may lead to...

9.8 CVSS | 8.8 AI score | 0.01521 EPSS
Exploits 0 | References 19

CVE
added 2026/01/20 12:0 a.m. | 27 views

CVE-2025-65482

The CVE-2025-65482 XXE vulnerability affects opensagres XDocReport versions 0.9.2 through 2.0.3, allowing arbitrary code execution via crafted .docx uploads. Root cause relates to XML data processing within the library, enabling an attacker to trigger code execution when processing external entit...

9.8 CVSS | 6 AI score | 0.00492 EPSS
Exploits 1 | References 5 | Affected Software 1

OpenVAS
added 2026/01/20 12:0 a.m. | 3 views

Ubuntu: Security Advisory (USN-7965-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.9 CVSS | 5.5 AI score | 0.00328 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 7 views

MiracleLinux 8 : GNOME (AXSA:2022-2953:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-2953:01 advisory. webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution CVE-2020-13558 LibRaw: Stack buffer overflow in...

9.8 CVSS | 8.1 AI score | 0.14542 EPSS
Exploits 8 | References 30

CNNVD
added 2026/01/20 12:0 a.m. | 51 views

NVIDIA CUDA toolkit code issue vulnerability

NVIDIA CUDA toolkit is a toolkit from NVIDIA, Inc. It provides a development environment for creating high-performance GPU-accelerated applications. A security vulnerability exists in NVIDIA CUDA Toolkit, which can be exploited by an attacker to cause arbitrary code to be executed with the same...

7.3 CVSS | 6 AI score | 0.00159 EPSS
Exploits 0 | References 3

CERT
added 2026/01/20 12:0 a.m. | 8 views

Server-Side Template Injection (SSTI) vulnerability exist in Genshi

Overview A Server-Side Template Injection SSTI vulnerability exists in the Genshi template engine due to unsafe evaluation of template expressions. Genshi processes template expressions using Python's 'eval' and 'exec' functions while allowing fallback access to Python built-in objects. If an...

6.7 AI score
Exploits 0 | References 1

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 7 : git-1.8.3.1-25.0.1.el7.AXS7 (AXSA:2024-8721:09)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8721:09 advisory. CVE-2024-32004: detect dubious ownership of local repositories, backport the necessary functions CVEs: CVE-2024-32004 Git is a revision control system. Prior...

8.1 CVSS | 8.4 AI score | 0.01271 EPSS
Exploits 0 | References 2

Ubuntu
added 2026/01/19 7:34 p.m. | 7 views

USN-7969-1: Dungeon Crawl Stone Soup vulnerability

David Mendenhall discovered that Dungeon Crawl Stone Soup was incorrectly handling Lua bytecode embedded in an uploaded .crawlrc file. An attacker could possibly use this issue to execute arbitrary code...

9.8 CVSS | 8.7 AI score | 0.03923 EPSS
Exploits 0

RedhatCVE
added 2026/01/19 7:11 p.m. | 4 views

CVE-2026-23883

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can exploit a use-after-free vulnerability by enticing a client to connect to it. This can lead to a client-side crash, resulting in a Denial of Service DoS, and potentially allow for arbitrary...

9.8 CVSS | 6.2 AI score | 0.00538 EPSS
Exploits 1 | References 8

RedhatCVE
added 2026/01/19 6:47 p.m. | 4 views

CVE-2026-23533

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can exploit a client-side heap buffer overflow vulnerability in the RDPGFX ClearCodec decode path. This occurs when maliciously crafted residual data causes out-of-bounds writes during color...

9.8 CVSS | 6.2 AI score | 0.00589 EPSS
Exploits 1 | References 7

EUVD
added 2026/01/19 6:6 p.m. | 3 views

EUVD-2026-3305

HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formulas which allowed users to trigger the execution of arbitrary PHP code. The problem is patched in release version 3.2...

9.9 CVSS | 6 AI score | 0.00392 EPSS
Exploits 0 | References 3

CVE
added 2026/01/19 6:6 p.m. | 11 views

CVE-2026-23836

HotCRP (conference review software) is affected by CVE-2026-23836. A flaw introduced in April 2024 in version 3.1 enables inadequately sanitized code generation for HotCRP formulas, allowing the execution of arbitrary PHP code (remote code execution). This issue impacts HotCRP 3.1 and is mitigate...

9.9 CVSS | 6 AI score | 0.00392 EPSS
Exploits 0 | References 3 | Affected Software 1

Ubuntu
added 2026/01/19 2:59 p.m. | 9 views

USN-7968-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server incorrectly handled failed ACME certificate renewals. This could result in renewal attempts to be repeated without delays, possibly leading to a denial of service. CVE-2025-55753 Anthony Parfenov discovered that the Apache HTTP Server would pass the...

8.3 CVSS | 7.5 AI score | 0.015 EPSS
Exploits 0

RedhatCVE
added 2026/01/19 2:52 p.m. | 3 views

CVE-2025-15536

A flaw was found in BYVoid OpenCC. This vulnerability involves a heap-based buffer overflow, a type of memory corruption, within the MaxMatchSegmentation function. A local attacker can exploit this by providing specially crafted input, which may lead to information disclosure, denial of service, ...

5.5 CVSS | 6.2 AI score | 0.0023 EPSS
Exploits 1 | References 10

Debian
added 2026/01/19 12:14 p.m. | 3 views

[SECURITY] [DLA 4442-1] thunderbird security update

Debian LTS Advisory DLA-4442-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort January 19, 2026 https://wiki.debian.org/LTS -...

9.8 CVSS | 5.9 AI score | 0.0055 EPSS
Exploits 0

Veracode
added 2026/01/19 9:19 a.m. | 6 views

Code Injection

Enclave is vulnerable to Code Injection. The vulnerability is due to exposure of a host-side Error object with an intact prototype chain to sandboxed code, which allows an attacker to traverse to the host Function constructor and execute arbitrary code in the Node.js host runtime...

10 CVSS | 6.1 AI score | 0.00588 EPSS
Exploits 3 | References 3 | Affected Software 1

RedHat Linux
added 2026/01/19 5:57 a.m. | 9 views

Important: Red Hat Security Advisory: gpsd security update

An update for gpsd is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.8 CVSS | 6.2 AI score | 0.00534 EPSS
Exploits 3 | References 3