CVE-2026-45569

Roxy-WI path-traversal patch in commit d4d10006 uses a tuple-membership check, which can bypass common ../../ payloads; no publicly available patches yet.

CVE-2026-45565 Roxy-WI: EscapedString validator skips its '..' block when stripping (root cause for several path-traversal/RCE vectors)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString app/modules/roxywi/classmodels.py:16-30 is the centralised Pydantic validator used on dozens of fields including SSH credential name, username, description, etc. Its...

CVE-2026-9758

Improper comparison with the certificates trusted list in S2OPC allows an attacker well-formed untrusted certificate to be considered trusted...

CVE-2026-53439

Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to enumerate view names of other users' "My Views"...

CVE-2026-53438

Summary: CVE-2026-53438 affects Jenkins 2.567 and earlier (including LTS 2.555.2 and earlier). A missing permission check allows attackers who have Item/Cancel permission but lack Item/Read permission to cancel queue items they are not allowed to view. What’s affected: Jenkins core queue cancella...

CVE-2026-52757 Ghidra < 12.1 - Heap-use-after-free in HighVariable::merge() during decompilation

Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge function during the variable merging pass. Attackers can trigger this vulnerability by crafting a binary that causes stale pointers in the HighIntersectTest::highedgemap cache to be dereference...

kernel: netfilter: xt_tcpmss: check remaining length before reading optlen

A flaw was found in the Linux kernel, specifically within the netfilter: xttcpmss module. A remote attacker could exploit this vulnerability by sending a specially crafted TCP packet. The TCP option parser does not properly validate the remaining option length, which results in an out-of-bounds...

RHSA-2026:24762 Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update

Bulletin has no description...

RHSA-2026:24761 Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update

Bulletin has no description...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: httpd: httpd-2.4.68-1.hum1 aarch64, x8664 httpd-core-2.4.68-1.hum1 aarch64, x8664 httpd-devel-2.4.68-1.hum1 aarch64, x8664 httpd-filesystem-2.4.68-1.hum1 noarch httpd-manual-2.4.68-1.hum1 noarch...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.33 bug fix and security update

Red Hat OpenShift Container Platform release 4.19.33 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.33 bug fix and security update

Red Hat OpenShift Container Platform release 4.19.33 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a...

SUSE CVE-2026-11647

Use after free in Printing in Google Chrome on Android prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-11694

Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

Exploit for CVE-2026-48732

CVE-2026-48732: Warp Remote SSH cwd Command Injection PoC...

PT-2026-48462

Name of the Vulnerable Software and Affected Versions OpenFGA versions prior to 1.16.0 Description When iterator caching is enabled, specifically with SharedIteratorCache and ListObjectsIteratorCache, two distinct check requests can produce the same cache key. This causes the system to reuse a...

EulerOS 2.0 SP13 : libarchive (EulerOS-SA-2026-2294)

According to the versions of the libarchive packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing...

EulerOS 2.0 SP13 : python-ecdsa (EulerOS-SA-2026-2309)

According to the versions of the python-ecdsa packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital...

RHEL 7 : kernel (RHSA-2026:25095)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25095 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: raw: fix ro-uniq...

Linux Distros Unpatched Vulnerability : CVE-2026-42769

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol CMP message response...