Fedora 45 : gst-devtools / gst-editing-services / gstreamer1 / gstreamer1-doc / etc (2026-a8009a6ebe)

The remote Fedora 45 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-a8009a6ebe advisory. 1.28.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issue but h...

PT-2026-22500

🛡️ PenTest tip: explore CVE-2023-34527 - OpenSSH authentication bypass. Great sandbox exercise to sharpen your exploit-development skills. PenTesting CVE CVE-2023-34527 ref:1773688762628 😃 I love digging into real-world exploits!...

PT-2026-22468

CVE-2024-62819 Nexus AI Chatbot A production-grade AI chatbot platform, forked from Vercel's Chat SDK and extended with multi-model support, document management, RAG search, and custom AI agents. Live https://t.co/yWk2xxjelG...

The Agile FedRAMP Playbook, Part 3: Preventative Risk Management by building Secure by Design

In the third part of our series, we explore Preventative Risk Management. We discuss how shifting security into the development lifecycle helps organizations meet FedRAMP requirements...

CVE-2026-28211 Arbitrary code execution in log reader via untrusted log file

The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing. A vulnerability exists in versions 2.0 through 8.0 in the Log Reader feature of this add-on. A maliciously crafted log file can lead to arbitrary code execution when a user reads it with log...

CVE-2026-28211 Arbitrary code execution in log reader via untrusted log file

The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing. A vulnerability exists in versions 2.0 through 8.0 in the Log Reader feature of this add-on. A maliciously crafted log file can lead to arbitrary code execution when a user reads it with log...

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM Java SDK (CVE-2026-21945,CVE-2026-21932,CVE-2026-21933 & CVE-2026-21925))

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM Java SDK. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows...

CVE-2026-27970

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Versions prior to 21.2.0, 21.1.16, 20.3.17, and 19.2.19 have a cross-Site scripting vulnerability in the Angular internationalization i18n pipeline. In ICU messages...

Arbitrary Code Injection

Overview storybook is a frontend workshop for building UI components and pages in isolation. Affected versions of this package are vulnerable to Arbitrary Code Injection via the WebSocket message handlers for creating and saving stories, specifically through unsanitized input in the...

PT-2026-22027

Name of the Vulnerable Software and Affected Versions Storybook versions prior to 7.6.23 Storybook versions prior to 8.6.17 Storybook versions prior to 9.1.19 Storybook versions prior to 10.2.10 Description Storybook’s dev server WebSocket functionality, used for creating and updating stories, is...

RLSA-2026:2776 Moderate: edk2 security update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap CVE-2025-9230 For more details about the security issues, includi...

Security Bulletin: Vulnerability in IBM® Java SDK affects WebSphere Service Registry and Repository due to CVE-2026-1188

Summary A buffer overflow vulnerability in IBM® SDK, Java™ Technology Edition affects IBM WebSphere Service Registry and Repository. This issue is also addressed by WebSphere Application Server shipped with WebSphere Service Registry and Repository. Vulnerability Details CVEID:CVE-2026-1188...

Security Bulletin: Vulnerability in IBM® Java SDK affects IBM WebSphere Application Server and WebSphere Application Server Liberty due to CVE-2026-1188

Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM...

CVE-2026-1772

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges...

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments

Summary IBM java SDK is used by Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows an remote attacker to cause a...

RHEL 9 : edk2 (RHSA-2026:3164)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3164 advisory. EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU a...

pwn-claude-plugin

pwn-claude-plugin Claude Code plugin for binary exploitation...

OPENSUSE-SU-2026:20261-1 Security update for openQA, os-autoinst, openQA-devel-container

This update for openQA, os-autoinst, openQA-devel-container fixes the following issues: Changes in openQA: - Update to version 5.1771422749.560a3b26: fixmcp: set navbar check expression to read-only feat: support inverted result filters in /tests/overview fixtest: Enable helm install-chart test...

OPENSUSE-SU-2026:10237-1 libopenssl-3-devel-3.5.3-2.1 on GA media

These are all security issues fixed in the libopenssl-3-devel-3.5.3-2.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-27492 Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused

Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties such as to, subject, html, text, and attachments are not reset between sends when a single client instance is reused across multiple .send calls. This can cause properties from a...