MiracleLinux 8 : webkit2gtk3-2.30.4-3.el8 (AXSA:2021-2522:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2522:01 advisory. webkitgtk: Use-after-free leading to arbitrary code execution CVE-2021-30858 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : webkit2gtk3-2.38.5-1.el8.ML.1 (AXSA:2023-5964:10)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5964:10 advisory. webkitgtk: use-after-free issue leading to arbitrary code execution CVE-2022-42826 webkitgtk: memory corruption issue leading to arbitrary code...

MiracleLinux 9 : webkit2gtk3-2.36.7-1.el9.2 (AXSA:2023-5160:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5160:05 advisory. webkitgtk: processing maliciously crafted web content may be exploited for arbitrary code execution CVE-2023-23529 Tenable has extracted the preceding...

MiracleLinux 9 : webkit2gtk3-2.36.7-1.el9.1 (AXSA:2023-5048:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5048:03 advisory. webkitgtk: processing maliciously crafted web content may lead to an arbitrary code execution CVE-2022-42856 Tenable has extracted the preceding description...

MiracleLinux 8 : GNOME (AXSA:2022-2953:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-2953:01 advisory. webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution CVE-2020-13558 LibRaw: Stack buffer overflow in...

ROS-20260120-7367

A vulnerability in the xpcreateandassignumem function of the Linux operating system kernel is related to integer overflow. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...

USN-7969-1: Dungeon Crawl Stone Stoup vulnerability

David Mendenhall discovered that Dungeon Crawl Stone Soup was incorrectly handling Lua bytecode embedded in an uploaded .crawlrc file. An attacker could possibly use this issue to execute arbitrary code...

CVE-2026-23883

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can exploit a use-after-free vulnerability by enticing a client to connect to it. This can lead to a client-side crash, resulting in a Denial of Service DoS, and potentially allow for arbitrary...

CVE-2026-23533

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can exploit a client-side heap buffer overflow vulnerability in the RDPGFX ClearCodec decode path. This occurs when maliciously crafted residual data causes out-of-bounds writes during color...

EUVD-2026-3305

HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formulas which allowed users to trigger the execution of arbitrary PHP code. The problem is patched in release version 3.2...

CVE-2026-23836

HotCRP (conference review software) is affected by CVE-2026-23836. A flaw introduced in April 2024 in version 3.1 enables inadequately sanitized code generation for HotCRP formulas, allowing the execution of arbitrary PHP code (remote code execution). This issue impacts HotCRP 3.1 and is mitigate...

USN-7968-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server incorrectly handled failed ACME certificate renewals. This could result in renewal attempts to be repeated without delays, possibly leading to a denial of service. CVE-2025-55753 Anthony Parfenov discovered that the Apache HTTP Server would pass the...

CVE-2025-15536

A flaw was found in BYVoid OpenCC. This vulnerability involves a heap-based buffer overflow, a type of memory corruption, within the MaxMatchSegmentation function. A local attacker can exploit this by providing specially crafted input, which may lead to information disclosure, denial of service, ...

[SECURITY] [DLA 4442-1] thunderbird security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4442-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort January 19, 2026 https://wiki.debian.org/LTS -...

Code Injection

Enclave is vulnerable to Code Injection. The vulnerability is due to exposure of a host-side Error object with an intact prototype chain to sandboxed code, which allows an attacker to traverse to the host Function constructor and execute arbitrary code in the Node.js host runtime...

Important: Red Hat Security Advisory: gpsd security update

An update for gpsd is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Wondershare Dr. Fone Code Issue Vulnerability

Wondershare Dr. Fone is a one-stop solution for cell phones from China's Wanxing Wondershare. A code issue vulnerability exists in Wondershare Dr. Fone, which stems from an unquoted service path that can be exploited by an attacker to cause a local user to execute arbitrary code and elevate syste...

PT-2026-3507

Name of the Vulnerable Software and Affected Versions Alchemy versions prior to 7.4.12 Alchemy versions prior to 8.0.3 Description Alchemy, a Ruby on Rails content management system, allows an authenticated attacker to execute arbitrary system commands on the host operating system. The applicatio...

MiracleLinux 4 : firefox-52.5.0-1.0.1.AXS4 (AXSA:2017-2420:06)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2017-2420:06 advisory. Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or,...

Adobe InDesign Buffer Overflow Vulnerability (CNVD-2026-11772)

Adobe InDesign is a professional desktop publishing software developed by Adobe for layout and page layout in print and digital media. A buffer overflow vulnerability exists in Adobe InDesign, which is caused by an access to an uninitialized pointer error, and can be exploited by an attacker to...