AlmaLinux 9 : bind (ALSA-2026:8075)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:8075 advisory. bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone (CVE-2026-1519). Tenable has extracted the preceding description block directly from the...
CVE-2026-40316
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run wit...
Timing Attack
Overview: apostrophe is a content management system (CMS) for Node.js. It supports in-context editing, schema-driven content types, flexible widgets and a great deal more. This module contains everything necessary to build a website with ApostropheCMS. Affected versions of this package are vulnerabl...
OpenRemote has XXE in Velbus Asset Import
Summary: The Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import endpoint may trigger XML external entity processing, which can lead to server-side file disclosure and SSRF. The target file must be less than 1023...
CVE-2026-6117
A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function installpluginupload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. The manipulation of the argument File results in sandbox issue. The attack can be executed...
CVE-2026-32223
Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack...
CVE-2026-32088
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack...
CVE-2026-6134
A security flaw has been discovered in Tenda F451 1.0.0.7cnsvn7958. This vulnerability affects the function fromqossetting of the file /goform/qossetting. Performing a manipulation of the argument qos results in stack-based buffer overflow. The attack is possible to be carried out remotely. The...
CVE-2026-23670
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally...
CVE-2026-26175
Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack...
CVE-2026-33824
Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network...
CVE-2026-33098
Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-32219
Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally...
CVE-2026-32192
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...
CVE-2026-27926
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-27928
Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-26183
Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally...
CVE-2026-26160
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally...
CVE-2026-20928
Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack...
CVE-2026-6385
A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...