RockyLinux 8 : hplip (RLSA-2026:26335)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26335 advisory. HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection (CVE-2026-8632). HPLIP: HPLIP: Arbitrary code...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : FreeRDP vulnerabilities (USN-8432-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8432-1 advisory. It was discovered that FreeRDP incorrectly handled memory under certain circumstances, which could lead to...
Oracle PeopleSoft Unauthenticated Java Deserialization SSRF / RCE (CVE-2026-35273)
Binary data oraclepeoplesoftssrfcve202635273.nbin...
PT-2026-50511
Name of the Vulnerable Software and Affected Versions: NVIDIA Spatial Intelligence Lab's SIL GEN3C (affected versions not specified). Description: The inference API server contains an unauthenticated remote code execution flaw. The endpoints '/request-inference' and '/seed-model' deserialize raw HTTP...
CVE-2026-36418
The CVE concerns JimuReport versions ≤ 2.3.4, where remote code execution is possible via the /jmreport/executeSelectApi endpoint due to inadequate validation of user input passed to the Aviator expression engine. This is caused by improper handling of Aviator expressions, allowing arbitrary code...
RockyLinux 9 : valkey (RLSA-2026:25925)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25925 advisory. redis: use-after-free in unblock client flow may allow remote code execution (CVE-2026-23479). redis: Remote code execution via use-after-free in Lua...
PT-2026-50607
Name of the Vulnerable Software and Affected Versions: Drupal core (affected versions not specified). Description: Drupal core contains a gadget chain, which is a sequence of existing code fragments that can be leveraged during the deserialization of untrusted data. While this issue is not directly...
Bosch Security Systems IP Cameras Remote Code Execution (CVE-2018-19036)
An issue was discovered in several Bosch IP cameras running firmware 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface. This plugin only works with Tenable.ot. Please visit...
IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.28 RCE (7276560)
The version of IBM WebSphere Application Server running on the remote host is affected by a remote code execution vulnerability as referenced in the 7276560 advisory. - IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, when using Intelligent Management with the...
PT-2026-50438
Name of the Vulnerable Software and Affected Versions: NGINX Plus (affected versions not specified); NGINX Open Source versions prior to 1.31.2-1.1. Description: An issue exists in the ngx http proxy v2 module and ngx http grpc module modules. The problem occurs when the proxy http version is set to 2 ...
Important: dracut security update
The dracut packages contain an event-driven initial RAM file system initramfs generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition...
RockyLinux 9 : hplip (RLSA-2026:26297)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26297 advisory. HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection (CVE-2026-8632). HPLIP: HPLIP: Arbitrary code...
PT-2026-50440
Name of the Vulnerable Software and Affected Versions: Python StateMachine versions 3.0.0 through 3.1.x. Description: An issue exists where the library evaluates expressions from SCXML documents unsafely. The SCXMLProcessor passes attacker-controlled expression strings from attributes through a call...
PT-2026-50192
Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 149.0.7827.155. Description: A use after free issue in the Passwords component allows a remote attacker to execute arbitrary code when a user accesses a specially crafted HTML page. Use after free is a...
PT-2026-50193
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.155. Description: A use after free issue exists in the Web Authentication component. This allows a remote attacker to execute arbitrary code by inducing the user to open a specially crafted HTML page. U...
PT-2026-50197
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.155. Description: A heap buffer overflow occurs in WebRTC, which is a framework that enables real-time communication such as voice and video calls within web browsers. This issue allows a remote attacke...
PT-2026-50216
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.155. Description: A heap buffer overflow exists in WebRTC in Google Chrome on Windows. A remote attacker can execute arbitrary code by inducing the victim to open a crafted HTML page. A heap buffer...
PT-2026-50433
Name of the Vulnerable Software and Affected Versions: Dell PowerFlex Manager (affected versions not specified). Description: A missing authentication for critical function issue exists. An unauthenticated attacker with adjacent network access could exploit this to achieve code execution, denial of...
Malicious code in vite-config-field (npm)
Source: amazon-inspector (8e5dabbc9cf746e153391fbe76f4dc54f9bccb9f7fd467d5b80d07c84ab1fb58). [email protected] impersonates the legitimate vite-plugin-pwa package; README copies its banner/badges; funding field points at antfu's GitHub...