PT-2026-44989

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.26.0 Description The planar bitmap decoder contains an out-of-bounds heap write when decoding RLE planar data. In the libfreerdp/codec/planar.c file, the freerdp bitmap decompress planar function validates the X...

CVE-2026-42789

Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/publickey/src/pubkeycert.erl, pubkeycert:validateextensions/7 contains two...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-46597)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-46597 advisory. - An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM pack...

PT-2026-44951

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1.1 Description A reflected Cross-Site Scripting XSS issue exists in the keyword filter. Reflected XSS occurs when an application receives data in an HTTP request and includes that data within the...

shopper 安全漏洞

Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 contained a security vulnerability. This vulnerability stemmed from the CreateOrderFromCartAction::execute function, which created order lines before checking and increasing the...

Linux Distros Unpatched Vulnerability : CVE-2026-46107

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm-thin: fix metadata refcount underflow There's a bug in dm-thin in the function rebalancechildren. If the internal btree node has one entry, the code tries to...

Linux Distros Unpatched Vulnerability : CVE-2026-9924

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to...

Linux Distros Unpatched Vulnerability : CVE-2026-46181

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/mlx4: Fix mis-use of RCU in mlx4srqevent Sashiko points out the radixtree itself is RCU safe, but nothing ever frees the mlx4srq struct with RCU, and it...

Linux Distros Unpatched Vulnerability : CVE-2026-9922

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in GPU in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary co...

Linux Distros Unpatched Vulnerability : CVE-2026-46161

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - md/raid10: fix divide-by-zero in setupgeo with zero farcopies setupgeo extracts nearcopies nc and farcopies fc from the user-provided layout parameter without...

Linux Distros Unpatched Vulnerability : CVE-2026-46164

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: fix double free in createspaceinfosubgroup error path When kobjectinitandadd fails, the call chain is: createspaceinfosubgroup - btrfssysfsaddspaceinfoty...

Linux Distros Unpatched Vulnerability : CVE-2026-46120

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ip6gre: Use cached t-net in ip6erspanchangelink. After commit 5e72ce3e3980 net: ipv6: Use link netns in newlink of rtnllinkops, ip6erspannewlink correctly...

Linux Distros Unpatched Vulnerability : CVE-2026-46116

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xfrm: defensively unhash xfrmstate lists in xfrmstatedelete KASAN reproduces a slab-use-after-free in xfrmstatedelete's hlistdelrcu calls under syzkaller load ...

Linux Distros Unpatched Vulnerability : CVE-2026-46234

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vsock: fix buffer size clamping order In vsockupdatebuffersize, the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets ...

Linux Distros Unpatched Vulnerability : CVE-2026-9932

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially...

Linux Distros Unpatched Vulnerability : CVE-2026-9978

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Glic in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

DEBIAN-CVE-2026-9975

Out of bounds read and write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-9937

Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2026-9922

Use after free in GPU in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2026-9904

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...