Linux Distros Unpatched Vulnerability : CVE-2026-0438

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A System Management Mode SMM handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user...

PT-2026-49008

Name of the Vulnerable Software and Affected Versions Avira Antivirus versions prior to 8.3.70.68 Description A heap buffer out-of-bounds read occurs in the antivirus engine when scanning a malformed PDF file. This issue may lead to local execution of code or a denial-of-service of the engine...

PT-2026-48882

Name of the Vulnerable Software and Affected Versions Amasty Order Attributes for Magento 2 versions prior to 4.0.0 Description An unauthenticated arbitrary file upload issue allows attackers to write files of any type or name to the store's media directory. This occurs because the upload endpoin...

PT-2026-48868

Name of the Vulnerable Software and Affected Versions @nuxt/rspack-builder versions 3.15.4 through 3.21.6 @nuxt/rspack-builder versions 4.0.0 through 4.4.6 @nuxt/webpack-builder versions 3.15.4 through 3.21.6 @nuxt/webpack-builder versions 4.0.0 through 4.4.6 Description An incomplete fix in the...

PT-2026-48863

Name of the Vulnerable Software and Affected Versions MobaXterm Personal Edition Portable version 26.3 Build 5154 Description The application allows arbitrary code execution by loading malicious DLLs from a predictable temporary directory that can be modified by the user. During startup, the...

PT-2026-48968

Name of the Vulnerable Software and Affected Versions Kitty versions prior to 0.47.0 Description A flaw allows a program capable of writing bytes to the terminal—such as a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, or an issue body in a TUI—to...

PT-2026-48851

A further incomplete fix for a previous advisory CVE-2026-44417 Untrusted JMS configuration can lead to RCE for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions...

PT-2026-48883

Name of the Vulnerable Software and Affected Versions jmespath.php versions prior to 2.9.1 Description Insufficient escaping of parsed JMESPath function names into generated PHP source allows for the generation and execution of attacker-controlled PHP code. This occurs when JmesPathCompilerRuntim...

RockyLinux 9 : redis:7 (RLSA-2026:25219)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25219 advisory. redis: use-after-free in unblock client flow may allow remote code execution CVE-2026-23479 redis: Remote code execution via use-after-free in Lua...

RockyLinux 10 : valkey (RLSA-2026:25216)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25216 advisory. redis: use-after-free in unblock client flow may allow remote code execution CVE-2026-23479 redis: Remote code execution via use-after-free in Lua...

RockyLinux 9 : samba (RLSA-2026:25049)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25049 advisory. samba: Missing access check on reparse point operations CVE-2026-1933 samba: vfsworm does not block directory modification CVE-2026-2340 samba: group...

PT-2026-49047

Name of the Vulnerable Software and Affected Versions Avira Antivirus versions prior to 8.3.70.98 Description A heap buffer out-of-bounds read occurs in the antivirus engine when scanning a malformed Windows PE Portable Executable file. This issue may lead to local execution of code or a...

PT-2026-48949

Name of the Vulnerable Software and Affected Versions aws-c-http versions prior to 0.11.0 Description Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library allows a remote threat actor operating a server to cause memory corruption on a connecting clien...

PT-2026-49017

Name of the Vulnerable Software and Affected Versions Avira Antivirus versions prior to 8.3.70.56 Description A heap buffer out-of-bounds read occurs in the antivirus engine when scanning a malformed Windows MSI file. This issue may lead to local execution of code or a denial-of-service of the...

PT-2026-48888

Name of the Vulnerable Software and Affected Versions AMD optional tools affected versions not specified Description The use of insecure HTTP transport within the auto-updater allows for a man-in-the-middle attack, which is a technique where an attacker intercepts communication between two partie...

PT-2026-49046

Name of the Vulnerable Software and Affected Versions Avira Antivirus versions prior to 8.3.70.104 Description A heap buffer out-of-bounds write occurs due to an integer overflow in the antivirus engine when scanning a malformed MS-DOS executable file. This can lead to local execution of code or ...

PT-2026-49050

Name of the Vulnerable Software and Affected Versions Avira Antivirus versions prior to 8.3.27.12 Description A heap buffer out-of-bounds write occurs in the Avira Antivirus engine when scanning a malformed POSIX tar archive. This flaw may allow local execution of code or a denial-of-service of t...

PT-2026-49053

Name of the Vulnerable Software and Affected Versions GeoServer versions prior to 2.26.4 GeoServer versions prior to 2.27.3 Description An authenticated administrator with access to the security system can provide arbitrary absolute file paths to the Master Password Dump web page to create files...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Mistral vulnerability (USN-8422-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8422-1 advisory. Eduardo Gonzalez Gutierrez and Arnaud Morin discovered that Mistral did not properly enforce access policies on some API endpoints...

QEMU 8.1.x < 10.0.10 / 10.2.x < 10.2.3 / 11.0.x < 11.0.1 Privilege Escalation

The version of QEMU installed on the remote Windows host is affected by a privilege escalation vulnerability: - An integer overflow exists in the calcimagehostmem function within the virtio-gpu driver due to the lack of proper validation of user-supplied data before allocating a buffer. A local...