Linux Distros Unpatched Vulnerability : CVE-2026-46310

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: renesas: vsp1: Fix NULL pointer deref on module unload When unloading the module on gen 4, we hit a NULL pointer dereference. This is caused by the clean...

EulerOS 2.0 SP13 : python-ecdsa (EulerOS-SA-2026-2309)

According to the versions of the python-ecdsa packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital...

RHEL 7 : kernel (RHSA-2026:25095)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25095 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: raw: fix ro-uniq...

Linux Distros Unpatched Vulnerability : CVE-2026-52905

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/core: disallow non-power of two minregionsz on damonstart Commit d8f867fa0825 mm/damon: add damonctx-minszregion introduced a bug that allows unaligned...

Linux Distros Unpatched Vulnerability : CVE-2026-42769

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol CMP message response...

FrankenPHP 输入验证错误漏洞

FrankenPHP is an open-source PHP application server developed by phpnet. In versions 1.11.2 to 1.2.3 of FrankenPHP, there was a vulnerability related to input validation errors. This vulnerability stemmed from the incorrect use of the splitPos function in cgi.go when the request path contained...

Nimiq 代码问题漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.4.0 had code vulnerabilities. These vulnerabilities stemmed from the DhtResults accumulator in handledhtget, which was only initialized when the first DHT record passed validation. This allowed...

ImageMagick 缓冲区错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-47 and 7.1.2-22 contained a buffer error vulnerability. This vulnerability stemmed from a single-b...

ImageMagick 资源管理错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-50 and 7.1.2-25 contained a resource management vulnerability. This vulnerability stemmed from...

EulerOS 2.0 SP13 : libarchive (EulerOS-SA-2026-2294)

According to the versions of the libarchive packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing...

ImageMagick 代码问题漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. There were code-related vulnerabilities in versions of ImageMagick prior to 6.9.13-50 and 7.1.2-25. These vulnerabilities stemmed from...

EUVD-2026-35884

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called...

CVE-2026-46540 Nimiq light-blockchain: Light blockchain rebranch issue

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...

CVE-2026-44505 Nimiq network-libp2p: Untrusted peer can wedge DHT

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handledhtget network-libp2p/src/swarm.rs. Prior to version 1.4.0, when a peer returns a FoundRecord, the code verifies the record...

CVE-2026-44505 Nimiq network-libp2p: Untrusted peer can wedge DHT

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handledhtget network-libp2p/src/swarm.rs. Prior to version 1.4.0, when a peer returns a FoundRecord, the code verifies the record...

CVE-2026-9741

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of...

UBUNTU-CVE-2026-9741

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of...

UBUNTU-CVE-2026-46433

lldpd is an implementation of IEEE 802.1ab LLDP. Prior to version 1.0.22, lldpddecode in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frames by calling memmove to shift the frame payload 4 bytes left. The third argument byte count is s - 2 ETHERADDRLEN but should be s - 2...

CVE-2026-46433

CVE-2026-46433 affects lldpd (LLDP implementation). Prior to version 1.0.22, lldpd_decode() incorrectly shifts frame payload when removing 802.1Q VLAN tags, using a length calculation that causes a 4-byte heap OOB read if the frame size equals the interface MTU. This vulnerability is fixed in ver...

EUVD-2026-35858

lldpd is an implementation of IEEE 802.1ab LLDP. Prior to version 1.0.22, lldpddecode in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frames by calling memmove to shift the frame payload 4 bytes left. The third argument byte count is s - 2 ETHERADDRLEN but should be s - 2...