8653 matches found

Veracode
added 2026/01/16 9:22 a.m., 22 views

Command Injection

Kottster is vulnerable to Command Injection. The vulnerability is due to insecure handling of development-mode functionality, which allows an unauthenticated attacker to execute arbitrary code on the server when the application is running in development mode...

CVSS 9.2, AI score 6.2, EPSS 0.00906
Exploits: 0, References: 2, Affected Software: 3
Tenable Nessus
added 2026/01/16 12:0 a.m., 3 views

MiracleLinux 4 : java-1.8.0-openjdk-1.8.0.191.b12-0.AXS4 (AXSA:2018-3360:04)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-3360:04 advisory. OpenJDK: Improper field access checks Hotspot, 8199226 CVE-2018-3169 OpenJDK: Unrestricted access to scripting engine Scripting, 8202936 CVE-2018-31...

CVSS 9, AI score 6.5, EPSS 0.00589
Exploits: 2, References: 8
Tenable Nessus
added 2026/01/16 12:0 a.m., 5 views

MiracleLinux 4 : java-1.8.0-openjdk-1.8.0.151-1.b12.AXS4 (AXSA:2017-2337:08)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2337:08 advisory. Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to...

CVSS 9.6, AI score 6.8, EPSS 0.06365
Exploits: 2, References: 15
Tenable Nessus
added 2026/01/15 12:0 a.m., 2 views

RHEL 8 : mariadb-devel:10.3 (RHSA-2026:0698)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0698 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB: mariadb-dump...

CVSS 7, AI score 7.9, EPSS 0.00129
Exploits: 0, References: 4
Tenable Nessus
added 2026/01/14 12:0 a.m., 6 views

MiracleLinux 4 : java-1.6.0-openjdk-1.6.0.0-1.39.b17.AXS4 (AXSA:2011-61:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-61:02 advisory. The Java Platform Standard Edition Development Kit JDK includes both the runtime environment Java virtual machine, the Java platform classes and...

CVSS 10, AI score 8.1, EPSS 0.08078
Exploits: 1, References: 7
OPENSUSE Linux
added 2026/01/14 12:0 a.m., 6 views

kernel-devel-6.18.5-1.1 on GA media (moderate)

kernel-devel-6.18.5-1.1 on GA media Announcement ID: openSUSE-SU-2026:10039-1 Rating: moderate Cross-References: CVE-2025-68332 CVE-2025-68335 CVE-2025-68336 CVE-2025-68337 CVE-2025-68344 CVE-2025-68345 CVE-2025-68346 CVE-2025-68347 CVE-2025-68348 CVE-2025-68349 CVE-2025-68350 CVE-2025-68351...

CVSS 8.5, AI score 7.2, EPSS 0.00082
Exploits: 0
Vulnrichment
added 2026/01/13 4:36 p.m., 2 views

CVE-2025-8090 Vulnerability in the QNX Neutrino Kernel impacts the QNX Software Development Platform and QNX OS for Safety

Null pointer dereference in the MsgRegisterEvent system call could allow an attacker with local access and code execution abilities to crash the QNX Neutrino kernel...

CVSS 6.2, AI score 6.9, EPSS 0.00029
Exploits: 0, References: 1
OSV
added 2026/01/13 3:11 p.m., 3 views

GHSA-524M-Q5M7-79MM Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails

Summary The Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking CSWSH vulnerability. An attacker can host a malicious website that, when visited by a developer running Mailpit locally,...

CVSS 6.5, AI score 6.5, EPSS 0.00012
Exploits: 2, References: 4
Tenable Nessus
added 2026/01/13 12:0 a.m., 3 views

Microsoft Windows SDK < 10.0.26100.7463 Inbox COM Objects (Global Memory) RCE (January 2026)

The version of Microsoft Windows SDK installed on the remote host is prior to 10.0.26100.7463. It is, therefore, affected by a remote code execution vulnerability: - Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. CVE-2026-21219 Note that Nessus has no...

CVSS 7, AI score 6.5, EPSS 0.00128
Exploits: 0, References: 2
OSV
added 2026/01/13 12:0 a.m., 2 views

OPENSUSE-SU-2026:10039-1 kernel-devel-6.18.5-1.1 on GA media

These are all security issues fixed in the kernel-devel-6.18.5-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 5.5, AI score 6.4, EPSS 0.00082
Exploits: 0, References: 82
Tenable Nessus
added 2026/01/13 12:0 a.m., 4 views

MiracleLinux 9 : java-17-openjdk-17.0.14.0.7-2.el9.ML.1 (AXSA:2025-9583:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9583:02 advisory. JDK: Enhance array handling CVE-2025-21502 Bug Fixes: The Red Hat OpenJDK packages rely on the copy-jdk-configs package to transfer configuration files to a...

CVSS 4.8, AI score 6.5, EPSS 0.002
Exploits: 0, References: 2
Tenable Nessus
added 2026/01/13 12:0 a.m., 3 views

MiracleLinux 8 : luksmeta-9-4.el8_10.1 (AXSA:2025-11519:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11519:01 advisory. luksmeta: Data corruption when handling LUKS1 partitions with luksmeta CVE-2025-11568 Tenable has extracted the preceding description block directly from th...

CVSS 4.4, AI score 5.5, EPSS 0.00026
Exploits: 0, References: 2
Tenable Nessus
added 2026/01/13 12:0 a.m., 3 views

MiracleLinux 8 : java-1.8.0-openjdk-1.8.0.462.b08-2.el8 (AXSA:2025-10573:11)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10573:11 advisory. JDK: Better Glyph drawing CVE-2025-30749 JDK: Enhance TLS protocol support CVE-2025-30754 JDK: Improve scripting supports CVE-2025-30761 JDK: Bette...

CVSS 8.1, AI score 6.5, EPSS 0.02123
Exploits: 1, References: 5
Tenable Nessus
added 2026/01/13 12:0 a.m., 3 views

MiracleLinux 8 : java-17-openjdk-17.0.16.0.8-2.el8 (AXSA:2025-10574:10)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10574:10 advisory. JDK: Better Glyph drawing CVE-2025-30749 JDK: Enhance TLS protocol support CVE-2025-30754 JDK: Improve HTTP client header handling CVE-2025-50059...

CVSS 8.6, AI score 6.7, EPSS 0.02123
Exploits: 1, References: 5
CVE
added 2026/01/12 5:23 p.m., 8 views

CVE-2025-68656

CVE-2025-68656 affects the ESP-IDF USB Host HID Driver. Before 1.1.0, usb_class_request_get_descriptor() frees and reallocates hid_device->ctrl_xfer while continuing to use a stale local pointer, causing an immediate use-after-free when processing attacker-controlled Report Descriptor lengths....

CVSS 6.8, AI score 6.2, EPSS 0.00032
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2026/01/12 5:8 p.m., 2 views

CVE-2025-68622 Espressif ESP-IDF USB Host UVC Class Driver has a stack buffer overflow in UVC descriptor printing

Espressif ESP-IDF USB Host UVC Class Driver allows video streaming from USB cameras. Prior to 2.4.0, a vulnerability in the esp-usb UVC host implementation allows a malicious USB Video Class UVC device to trigger a stack buffer overflow during configuration-descriptor parsing. When UVC...

CVSS 6.8, AI score 6.6, EPSS 0.00042
Exploits: 0, References: 3
Veracode
added 2026/01/12 10:13 a.m., 4 views

Path Traversal

@vitejs/plugin-rs is vulnerable to Path Traversal. The vulnerability is due to missing input validation on the frindSourceMapURL development endpoint, where an unauthenticated attacker can supply a file:// URL in the filename parameter to read arbitrary files accessible to the Node.js process...

CVSS 7.5, AI score 7, EPSS 0.0118
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2026/01/12 12:0 a.m., 2 views

OPENSUSE-SU-2026:10032-1 libpcap-devel-1.10.6-1.1 on GA media

These are all security issues fixed in the libpcap-devel-1.10.6-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 1.9, AI score 5.8, EPSS 0.00015
Exploits: 0, References: 1
CNNVD
added 2026/01/10 12:0 a.m., 3 views

AWS SDK for .NET Input Validation Error Vulnerability

AWS SDK for .NET is an open source developer kit from Amazon Web Services. An input validation error vulnerability exists in AWS SDK for .NET versions 4.0.0 through prior to 4.0.3.3, which stems from a regional input field that can be set to an invalid value, potentially resulting in AWS API call...

CVSS 3.7, AI score 6.4, EPSS 0.00039
Exploits: 0, References: 2
Snyk
added 2026/01/09 6:56 p.m., 1 view

Improper Validation of Syntactic Correctness of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the region input field. An attacker can cause AWS API calls to be routed to unintended or non-existent hosts by supplying an invalid value. Remediation Upgrade AWSSDK.Core to...

CVSS 6.3, AI score 6.8, EPSS 0.00039
Exploits: 0, References: 2