Lucene search

197094 matches found

ATTACKERKB
added 2026/05/21 7:34 a.m. | 5 views

CVE-2026-44055

A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code...

7.5 CVSS | 6.1 AI score | 0.00256 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/05/21 7:34 a.m. | 4 views

CVE-2026-44049 Out-of-bounds write in convert_charset() null termination

An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character data...

7.5 CVSS | 6.2 AI score | 0.00072 EPSS
Exploits: 0 | References: 1

Kaspersky
added 2026/05/21 12:0 a.m. | 9 views

KLA91068 ACE vulnerability in Microsoft Office

A remote code execution vulnerability was found in Microsoft Office. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2026-45659 Exploitation Related products Microsoft-SharePoint CVE list CVE-2026-45659 critical KB list 5002863 5002868 5002870...

8.8 CVSS | 6.6 AI score | 0.00621 EPSS
Exploits: 2 | References: 6

Tenable Nessus
added 2026/05/21 12:0 a.m. | 6 views

MiracleLinux 9 : nginx:1.22 (AXSA:2026-703:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-703:01 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the MiracleLinux...

9.2 CVSS | 6.1 AI score | 0.00897 EPSS
Exploits: 34 | References: 2

Tenable Nessus
added 2026/05/21 12:0 a.m. | 7 views

MiracleLinux 9 : ruby:3.3 (AXSA:2026-706:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-706:01 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the...

8.1 CVSS | 6.3 AI score | 0.00048 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/21 12:0 a.m. | 4 views

PT-2026-42429

Name of the Vulnerable Software and Affected Versions: Netatalk versions 3.1.0 through 4.4.2. Description: Insufficient sanitization of volume paths allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path. This occurs through shell injection involvin...

6.7 CVSS | 6.2 AI score | 0.00028 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/21 12:0 a.m. | 6 views

PT-2026-42688

Summary: Before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command... after a strings.Fields split, with no validation of the executable path or its arguments. A user who could create or update Environment CRDs in a namespace...

6.2 AI score
Exploits: 0 | References: 5

Tenable Nessus
added 2026/05/21 12:0 a.m. | 6 views

MiracleLinux 9 : ruby-3.0.7-166.el9_7 (AXSA:2026-694:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-694:02 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the...

8.1 CVSS | 6.3 AI score | 0.00048 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/21 12:0 a.m. | 6 views

PT-2026-42605

Summary: Before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command... after a strings.Fields split, with no validation of the executable path or its arguments. A user who could create or update Environment CRDs in a namespace...

6.2 AI score
Exploits: 0 | References: 5

Positive Technologies
added 2026/05/21 12:0 a.m. | 3 views

PT-2026-42418

Name of the Vulnerable Software and Affected Versions: Netatalk versions 2.0.4 through 4.4.2. Description: A missing output length bounds check in the pull charset flags function allows a remote authenticated attacker to execute arbitrary code or cause a denial of service by sending crafted characte...

7.5 CVSS | 6.2 AI score | 0.00215 EPSS
Exploits: 0 | References: 9

Tenable Nessus
added 2026/05/21 12:0 a.m. | 5 views

MiracleLinux 9 : nginx:1.26 (AXSA:2026-705:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-705:01 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the MiracleLinux...

9.2 CVSS | 6.1 AI score | 0.00897 EPSS
Exploits: 34 | References: 2

Tenable Nessus
added 2026/05/21 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-24425

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template...

9.9 CVSS | 6.2 AI score | 0.00114 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/21 12:0 a.m. | 6 views

PT-2026-42406

Name of the Vulnerable Software and Affected Versions: Netatalk versions 2.0.4 through 4.4.2. Description: A stack-based buffer overflow occurs due to UCS-2 type confusion within the convert charset function. This allows a remote authenticated attacker to execute arbitrary code or cause a denial of...

8.8 CVSS | 6.5 AI score | 0.00154 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/05/21 12:0 a.m. | 5 views

Netatalk OS Command Injection Vulnerability

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 3.1.0 to 4.4.2 of Netatalk have a vulnerability related to operating system command injection. This vulnerability stems fr...

6.7 CVSS | 6.1 AI score | 0.00028 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2026/05/21 12:0 a.m. | 7 views

MiracleLinux 9 : nginx:1.24 (AXSA:2026-704:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-704:01 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the MiracleLinux...

9.2 CVSS | 6.1 AI score | 0.00897 EPSS
Exploits: 34 | References: 2

Tenable Nessus
added 2026/05/21 12:0 a.m. | 4 views

FreeBSD : FreeBSD -- Missing validation in ptrace(PT_SC_REMOTE) (6c96da5e-54b6-11f1-8d7a-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6c96da5e-54b6-11f1-8d7a-bc241121aa0a advisory. ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall2 and syscall2 meta-system calls...

8.4 CVSS | 6.1 AI score | 0.00009 EPSS
Exploits: 0 | References: 2

OSV
added 2026/05/20 9:16 p.m. | 1 views

DEBIAN-CVE-2026-8632

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via operating system command injection...

7.8 CVSS | 6.3 AI score | 0.0001 EPSS
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/05/20 8:40 p.m. | 8 views

Malicious code in vite-json-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7c9683fed8b8696938eb7ad88e158f70a075851b0dd511af991ecd69a4d0fd The package presents itself as a vite/tsconfig path helper and clones the public API of tsconfig-paths createMatchPath, matchFromAbsolutePaths,...

6.3 AI score
Exploits: 0 | References: 1

CVE
added 2026/05/20 8:14 p.m. | 8 views

CVE-2026-8632

HP Linux Imaging and Printing Software is reported to contain a potential vulnerability that may allow local privilege escalation and arbitrary code execution through operating system command injection. The affected software is identified as HP Linux Imaging and Printing Software; the vulnerabili...

8.5 CVSS | 6.3 AI score | 0.0001 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Snyk
added 2026/05/20 3:31 p.m. | 11 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview: diffusers is a State-of-the-art diffusion in PyTorch and JAX. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition in the from_pretrained flow. An attacker can execute arbitrary code by exploiting a race condition between two repository fetch...

7.5 CVSS | 6.2 AI score
Exploits: 0 | References: 2