AlmaLinux 9 : openexr (ALSA-2026:15887)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:15887 advisory. OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file CVE-2026-34588 Tenable has extracted the preceding description block...

WordPress plugin ultimate-member 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

RHEL 10 : python3.12 (RHSA-2026:16699)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16699 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

VMware ESXi 缓冲区错误漏洞

VMware ESXi is a server virtualization platform developed by the American company VMware, which can be directly installed on physical servers. VMware ESXi has a buffer overflow vulnerability, which stems from a heap-based buffer overflow. This vulnerability could allow attackers to gain elevated...

RHEL 8 : go-toolset:rhel8 (RHSA-2026:16694)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:16694 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: cmd/go: golang: Go golang...

RockyLinux 8 : libtiff (RLSA-2026:16055)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:16055 advisory. libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 Tenable has extracted the...

RockyLinux 10 : openexr (RLSA-2026:15888)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:15888 advisory. OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file CVE-2026-34588 Tenable has extracted the preceding description block...

SAMSUNG Mobile devices 安全漏洞

Samsung Mobile devices are a series of mobile devices produced by South Korea’s Samsung Corporation, including smartphones and tablets. Versions of Samsung Mobile Devices prior to SMR May-2026 Release 1 contain security vulnerabilities. These vulnerabilities stem from improper input validation in...

VMware ESXi 安全漏洞

VMware ESXi is a server virtualization platform developed by the American company VMware, which can be directly installed on physical servers. VMware ESXi has a security vulnerability that stems from a heap-based buffer overflow. This vulnerability could allow attackers to gain elevated privilege...

uniget is Vulnerable to Command Injection in tool.Check Leading to Arbitrary Code Execution

A command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files using /bin/bash -c. Because the check field is loaded directly from untrusted JSON metadata without validation or sanitization, an attacker can craft malicious metadata that executes...

gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow

A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a malicious XPM X PixMap image file. This can lead to an an integer overflow during file processing, allowing the attacker to execute arbitrary code on the affected system...

Important: Red Hat Security Advisory: golang security update

An update for golang is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names

A flaw was found in the Go programming language golang and its command-line tool cmd/go. A remote attacker could exploit this during the build process by crafting malicious SWIG Simplified Wrapper and Interface Generator file names that contain "cgo" and specific payloads. This could lead to code...

Important: Red Hat Security Advisory: golang security update

An update for golang is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Important: Red Hat Security Advisory: golang security update

An update for golang is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names

A flaw was found in the Go programming language golang and its command-line tool cmd/go. A remote attacker could exploit this during the build process by crafting malicious SWIG Simplified Wrapper and Interface Generator file names that contain "cgo" and specific payloads. This could lead to code...

CVE-2026-44262

Scramble generates API documentation for Laravel project. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may be evaluated during documentation generation, leading to execution of...

Directory Traversal

Overview github.com/hashicorp/nomad is a workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Affected versions of this package are vulnerable to Directory Traversal via the host volume Create workflow. An attacker can break out of...

EUVD-2026-29741

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially...

EUVD-2026-29743

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...