Unity Linux 20.1060e / 20.1070e Security Update: mutt (UTSA-2026-017546)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017546 advisory. Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. Tenable has extracted the preceding description block directly from t...

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017678)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017678 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior...

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017753)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017753 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.23 and prior. Easily exploitable...

@workos/authkit-session 输入验证错误漏洞

@workos/authkit-session is an open-source session authentication and token management tool developed by WorkOS. Versions of @workos/authkit-session prior to 0.5.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient validation of the...

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017763)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017763 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.21 and prior. Easily exploitable...

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017729)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017729 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.21 and prior. Easily exploitable...

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017441)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017441 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable...

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017439)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017439 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable...

Linux Distros Unpatched Vulnerability : CVE-2026-6986

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mgaesgcmdecrypt of the file /src/tlsaes128.c of the...

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017663)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017663 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.26 and prior. Easily exploitable...

MiracleLinux 8 : corosync-3.1.8-1.el8_10.1 (AXSA:2026-593:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-593:02 advisory. corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet CVE-2026-35091 corosync: Corosync: Denial of Service via...

Unity Linux 20.1060e / 20.1070e Security Update: wpa_supplicant (UTSA-2026-017501)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017501 advisory. The implementations of SAE and EAP-pwd in hostapd and wpasupplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differenc...

CVE-2026-8254 Devs Palace ERP Online sales_save cross site scripting

A security flaw has been discovered in Devs Palace ERP Online up to 4.0.0. Affected by this issue is some unknown functionality of the file /inventory/salessave. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the...

CVE-2026-8253 Devs Palace ERP Online purchase_save cross site scripting

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchasesave. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available a...

CVE-2026-8248 Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qos denial of service

A vulnerability was detected in Open5GS up to 2.7.7. The affected element is the function updateauthorizedpccruleandqos of the file /src/smf/npcf-handler.c of the component SMF. The manipulation results in denial of service. The attack may be launched remotely. The exploit is now public and may b...

EUVD-2021-34809

CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to...

CVE-2021-47949

CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to...

CVE-2021-47953 OpenCart 3.0.3.7 Cross-Site Request Forgery via account/password

OpenCart 3.0.3.7 contains a cross-site request forgery vulnerability that allows attackers to change user passwords by sending crafted requests to the account/password endpoint. Attackers can trick authenticated users into submitting hidden forms with new password values in the 'password' and...

CVE-2021-47953

OpenCart 3.0.3.7 is affected by a cross-site request forgery (CSRF) vulnerability in the account/password endpoint. An attacker can lure an authenticated user into submitting a hidden form with new password values (password and confirm), enabling account takeover. The vulnerability is documented ...

CVE-2021-47949 CyberPanel 2.1 Authenticated Remote Code Execution via Symlink Attack

CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to...