6476 matches found

UbuntuCve
added 2026/01/23 4:15 p.m. | 1 view

CVE-2026-22984

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handle_auth_done. Perform an explicit bounds check on payload_len to avoid a possible out-of-bounds access in the callout. idryomov: changelog...

CVSS 9.8 | AI score 6.3 | EPSS 0.00021
Exploits 0 | References 24

OSV
added 2026/01/23 4:15 p.m. | 1 view

UBUNTU-CVE-2026-22984

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handle_auth_done. Perform an explicit bounds check on payload_len to avoid a possible out-of-bounds access in the callout. idryomov: changelog...

CVSS 9.8 | AI score 5.7 | EPSS 0.00021
Exploits 0 | References 26

ATTACKERKB
added 2026/01/23 3:24 p.m. | 2 views

CVE-2026-22992

In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler error from mon_handle_auth_done. Currently any error from ceph_auth_handle_reply_done is propagated via finish_auth but isn't returned from mon_handle_auth_done. This results in higher layers learning that despite...

AI score 5.7 | EPSS 0.00063
Exploits 0 | References 7 | Affected Software 1

CVE
added 2026/01/23 3:24 p.m. | 18 views

CVE-2026-22984

CVE-2026-22984 affects the Linux kernel libceph path (handle_auth_done) and is resolved by an explicit bounds check on payload_len to prevent out-of-bounds reads. Upstream patch exists and has been incorporated in newer kernel releases (e.g., 6.6.130 per Mageia advisory); vendors: update to a ker...

CVSS 9.8 | AI score 5.2 | EPSS 0.00021
Exploits 0 | References 6 | Affected Software 1

OSV
added 2026/01/23 12:22 p.m. | 5 views

OESA-2026-1190 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an...

CVSS 5.3 | AI score 5.6 | EPSS 0.00064
Exploits 3 | References 5

Tenable Nessus
added 2026/01/23 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-22992

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libceph: return the handler error from mon_handle_auth_done. Currently any error from ceph_auth_handle_reply_done is propagated via finish_auth but isn't returned from...

CVSS 7.5 | AI score 7 | EPSS 0.00063
Exploits 0 | References 3

Cvelist
added 2026/01/23 12:0 a.m. | 24 views

CVE-2025-70983

Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-level privileges to escalate privileges...

EPSS 0.00022
Exploits 0 | References 3

Github Security Blog
added 2026/01/22 6:6 p.m. | 6 views

SurrealDB Affected by Confused Deputy Privilege Escalation through Future Fields and Functions

Unprivileged users (for example, those with the database editor role) can create or modify fields in records that contain functions or futures. Futures are values which are only computed when the value is queried. The query executes in the context of the querying user, rather than the user who...

AI score 6
Exploits 0 | References 5 | Affected Software 1

Tenable Nessus
added 2026/01/22 12:0 a.m. | 7 views

Azure Linux 3.0 Security Update: prometheus-process-exporter (CVE-2022-46146)

The version of prometheus-process-exporter installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-46146 advisory. - Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions...

CVSS 8.8 | AI score 5.7 | EPSS 0.00185
Exploits 1 | References 2

RedhatCVE
added 2026/01/21 10:25 p.m. | 3 views

CVE-2026-21965

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Pluggable Auth. Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS 2.7 | AI score 4.7 | EPSS 0.00063
Exploits 0 | References 4

OSV
added 2026/01/21 9:18 p.m. | 3 views

CVE-2026-22808 Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability

fleetdm/fleet is open source device management software. Prior to versions 4.78.2, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, if Windows MDM is enabled, an unauthenticated attacker can exploit this XSS vulnerability to steal a Fleet administrator's authentication token FLEET::authtoken from localStorage...

CVSS 5.5 | AI score 5.5 | EPSS 0.00047
Exploits 0 | References 3

OSV
added 2026/01/20 10:15 p.m. | 2 views

CVE-2026-21965

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Pluggable Auth. Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS 2.7 | AI score 5.9
Exploits 0 | References 1

Tenable Nessus
added 2026/01/20 12:0 a.m. | 1 view

MiracleLinux 8 : python3-3.6.8-39.el8.ML.1 (AXSA:2021-2524:05)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2524:05 advisory. python: urllib: Regular expression DoS in AbstractBasicAuthHandler CVE-2021-3733 Tenable has extracted the preceding description block directly from the...

CVSS 6.5 | AI score 7.5 | EPSS 0.00629
Exploits 1 | References 2

Talos
added 2026/01/20 12:0 a.m. | 4 views

MedDream PACS Premium modifyRoute reflected cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2025-2266: MedDream PACS Premium modifyRoute reflected cross-site scripting (XSS) vulnerability. January 20, 2026. CVE Number: CVE-2025-57787. Summary: A reflected cross-site scripting (XSS) vulnerability exists in the modifyRoute functionality of MedDream PACS Premium...

CVSS 6.1 | AI score 5.7 | EPSS 0.00083
Exploits 1

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 8 : mod_auth_openidc:2.3 (AXSA:2023-6296:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6296:01 advisory. cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE CVE-2023-37464 Tenable has extracted the preceding...

CVSS 8.6 | AI score 5.6 | EPSS 0.00198
Exploits 1 | References 2

OSV
added 2026/01/19 12:59 a.m. | 5 views

MAL-2026-341 Malicious code in ofjaaah-auth-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 680db6543dbee7ec4f8cfe557fc5c76a13bb684b7faeec4e6e2582c0d89ecdf7 The package ofjaaah-auth-module was found to contain malicious code. Source: ghsa-malware...

AI score 5.5
Exploits 0 | References 1

EUVD
added 2026/01/19 12:59 a.m. | 3 views

EUVD-2026-3266

Malicious code in ofjaaah-auth-module (npm)...

AI score 5.5
Exploits 0 | References 1

Snyk
added 2026/01/19 12:59 a.m. | 2 views

Malicious Package

Overview ofjaaah-auth-module is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.5
Exploits 0 | References 2

OSSF Malicious Packages
added 2026/01/19 12:59 a.m. | 6 views

Malicious code in ofjaaah-auth-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 680db6543dbee7ec4f8cfe557fc5c76a13bb684b7faeec4e6e2582c0d89ecdf7 The package ofjaaah-auth-module was found to contain malicious code. Source: ghsa-malware...

AI score 5.5
Exploits 0 | References 1

Tenable Nessus
added 2026/01/19 12:0 a.m. | 2 views

Oracle Linux 8 : net-snmp (ELSA-2026-0750)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-0750 advisory. 5.8-33.0.1 - fix error index value when snmpget is used a proxy pass Orabug: 34905643 1:5.8-33 - fix out of bound access RHEL-137501 - perl modern auth enableme...

CVSS 9.8 | AI score 5.5 | EPSS 0.00594
Exploits 2 | References 2