486877 matches found
RockyLinux 9 : hplip (RLSA-2026:26297)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26297 advisory. HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection CVE-2026-8632 HPLIP: HPLIP: Arbitrary code...
IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.28 RCE (7276560)
The version of IBM WebSphere Application Server running on the remote host is affected by a remote code execution vulnerability as referenced in the 7276560 advisory. - IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, when using Intelligent Management with the...
PT-2026-50511
Name of the Vulnerable Software and Affected Versions NVIDIA Spatial Intelligence Lab's SIL GEN3C affected versions not specified Description The inference API server contains an unauthenticated remote code execution flaw. The endpoints '/request-inference' and '/seed-model' deserialize raw HTTP...
CVE-2026-36418
The CVE concerns JimuReport versions ≤ 2.3.4, where remote code execution is possible via the /jmreport/executeSelectApi endpoint due to inadequate validation of user input passed to the Aviator expression engine. This is caused by improper handling of Aviator expressions, allowing arbitrary code...
PT-2026-50607
Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description Drupal core contains a gadget chain, which is a sequence of existing code fragments that can be leveraged during the deserialization of untrusted data. While this issue is not directly...
PT-2026-50440
Name of the Vulnerable Software and Affected Versions Python StateMachine versions 3.0.0 through 3.1.x Description An issue exists where the library evaluates expressions from SCXML documents unsafely. The SCXMLProcessor passes attacker-controlled expression strings from attributes through a call...
PT-2026-50433
Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description A missing authentication for critical function issue exists. An unauthenticated attacker with adjacent network access could exploit this to achieve code execution, denial of...
Important: dracut security update
The dracut packages contain an event-driven initial RAM file system initramfs generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition...
RHEL 9 : dracut (RHSA-2026:26533)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26533 advisory. The dracut packages contain an event-driven initial RAM file system initramfs generator infrastructure based on the udev device manager. The virtual...
RHEL 10 : valkey (RHSA-2026:26540)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26540 advisory. Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists,...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : FreeRDP vulnerabilities (USN-8432-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8432-1 advisory. It was discovered that FreeRDP incorrectly handled memory under certain circumstances, which could lead to...
RockyLinux 8 : hplip (RLSA-2026:26335)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26335 advisory. HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection CVE-2026-8632 HPLIP: HPLIP: Arbitrary code...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Squid vulnerabilities (USN-8435-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8435-1 advisory. It was discovered that Squid incorrectly handled FTP gateway processing under certain circumstances, which could result i...
Important: dracut security update
The dracut packages contain an event-driven initial RAM file system initramfs generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition...
PT-2026-50438
Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source versions prior to 1.31.2-1.1 Description An issue exists in the ngx http proxy v2 module and ngx http grpc module modules. The problem occurs when the proxy http version is set to 2 ...
Malicious code in vite-config-field (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e5dabbc9cf746e153391fbe76f4dc54f9bccb9f7fd467d5b80d07c84ab1fb58 [email protected] impersonates the legitimate vite-plugin-pwa package README copies its banner/badges, funding field points at antfu's GitHub...
MAL-2026-5936 Malicious code in vite-config-field (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e5dabbc9cf746e153391fbe76f4dc54f9bccb9f7fd467d5b80d07c84ab1fb58 [email protected] impersonates the legitimate vite-plugin-pwa package README copies its banner/badges, funding field points at antfu's GitHub...
EUVD-2026-37195
In ParsePayloads of AudioSdpParser.cpp, there is a possible memory corruption due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37185
In IntfGraphCreate of intfgraph.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-37196
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...