
165 matches found

Positive Technologies
added 2026/06/10 12:0 a.m. | 9 views

PT-2026-48397

Name of the Vulnerable Software and Affected Versions: Debusine (affected versions not specified). Description: Debusine uses a parser to read Debian source packages (.dsc) and upload artifacts (.changes), which are manifest files listing the components of an artifact. This parser accepts arbitrary paths...

6.5 CVSS | 6 AI score | 0.00269 EPSS
Exploits 0 | References 12
Tenable Nessus
added 2026/05/22 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2026-45073

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - symfony - None Ubuntu Linux - Unknown description CVE-2026-45073 Note that Nessus relies on the presence of the package as reported by the vendor...

5.8 AI score | 0.00062 EPSS
Exploits 0 | References 3
Positive Technologies
added 2026/05/02 12:0 a.m. | 13 views

PT-2026-36686

Pre-show: Two thirds of your hosts are sick 🤧 Follow-up: Backblaze & cloud backups Carbon Copy Cloner & Backblaze via Barry Rubenstein Support document Maestral Arq’s approach via Daniel Luz Neo-ing… other things Mythos What makes this different via William Moran GPT-5.5 is equivalent? cURL...

5.8 AI score
Exploits 0 | References 2
GithubExploit
added 2026/05/01 1:0 a.m. | 137 views

Exploit for CVE-2026-31431

copy-fail-fix Per-distro mitigation scripts for CVE-2026-314...

7.8 CVSS | 5.7 AI score | 0.96775 EPSS
Exploits 228
Fedora
added 2026/04/28 1:15 a.m. | 6 views

[SECURITY] Fedora 42 Update: PackageKit-1.3.4-3.fc42

PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distro, cross-architecture API...

5.3 AI score
Exploits 0
Fedora
added 2026/04/28 1:0 a.m. | 7 views

[SECURITY] Fedora 43 Update: PackageKit-1.3.4-3.fc43

PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distro, cross-architecture API...

5.3 AI score
Exploits 0
Debian
added 2026/04/25 6:46 p.m. | 9 views

[SECURITY] [DLA 4548-1] distro-info-data database update

Debian LTS Advisory DLA-4548-1 [email protected] https://www.debian.org/lts/security/ Stefano Rivera April 25, 2026 https://wiki.debian.org/LTS Package : distro-info-data Version : 0.51+deb11u11 This is a routine update of the distro-info-data database for Debian LTS users. It updates t...

5.4 AI score
Exploits 0
Tenable Nessus
added 2026/04/25 12:0 a.m. | 4 views

Debian dla-4548 : distro-info-data - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4548 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4548-1 [email protected] https://www.debian.org/lts/security/...

5.6 AI score
Exploits 0 | References 2
Fedora
added 2026/04/24 5:56 a.m. | 7 views

[SECURITY] Fedora 44 Update: PackageKit-1.3.4-3.fc44

PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distro, cross-architecture API...

5.3 AI score
Exploits 0
Tenable Nessus
added 2026/03/12 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-3939

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF fil...

6.5 CVSS | 5.9 AI score | 0.00147 EPSS
Exploits 0 | References 2
Chainguard
added 2026/03/10 1:17 p.m. | 8 views

GHSA-J4J7-VW47-RHFQ vulnerabilities

Vulnerabilities for packages: aws-flb-kinesis-fips, image-factory-fips, cloud-provider-gcp-cloud-controller-manager-fips, zarf, kyverno-policy-reporter-plugins-kyverno-fips, amazon-cloudwatch-agent-operator, crossplane-provider-aws-s3-fips, skaffold-fips, kyverno, authservice, gitlab-rails-ce,...

5.8 AI score
Exploits 0
UbuntuCve
added 2026/01/14 7:16 p.m. | 2 views

CVE-2025-11224

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes proxy functionality...

7.7 CVSS | 6.1 AI score | 0.00313 EPSS
Exploits 0 | References 1
RedhatCVE
added 2026/01/09 11:24 a.m. | 6 views

CVE-2021-31828

An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope...

7.1 CVSS | 6.8 AI score | 0.00893 EPSS
Exploits 1 | References 1
Chainguard
added 2025/12/24 7:17 a.m. | 4 views

GHSA-56W8-48FP-6MGV vulnerabilities

Vulnerabilities for packages: consul-k8s, rke2-runtime-fips, gitlab-rails-ce, k3s, vault, gitlab-rails-ce-fips, falco-no-driver, terraform, backup-restore-operator, cert-manager-fips...

5.8 AI score
Exploits 0
Chainguard
added 2025/12/24 7:17 a.m. | 7 views

CVE-2025-47913 vulnerabilities

Vulnerabilities for packages: consul-k8s, rke2-runtime-fips, gitlab-rails-ce, k3s, vault, gitlab-rails-ce-fips, falco-no-driver, terraform, backup-restore-operator, cert-manager-fips...

7.5 CVSS | 6.7 AI score | 0.00579 EPSS
Exploits 1
UbuntuCve
added 2025/11/21 6:15 a.m. | 2 views

CVE-2025-9825

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project membership to view sensitive manual CI/CD variables by querying the GraphQL API...

6.5 CVSS | 5.9 AI score | 0.00315 EPSS
Exploits 1 | References 1
UbuntuCve
added 2025/11/15 8:15 a.m. | 2 views

CVE-2025-11865

An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker to remove Duo flows of another user...

5.3 CVSS | 5.8 AI score | 0.00196 EPSS
Exploits 0 | References 1
UbuntuCve
added 2025/11/15 8:15 a.m. | 2 views

CVE-2025-11990

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references combined with redirect handling weaknesses...

3.5 CVSS | 5.9 AI score | 0.00258 EPSS
Exploits 0 | References 4
UbuntuCve
added 2025/11/15 8:15 a.m. | 3 views

CVE-2025-6171

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker with reporter access to view branch names and pipeline details by accessing the packages API endpoint even wh...

5.3 CVSS | 5.9 AI score | 0.00231 EPSS
Exploits 0 | References 4
UbuntuCve
added 2025/11/15 8:15 a.m. | 2 views

CVE-2025-2615

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections...

6.5 CVSS | 5.9 AI score | 0.00275 EPSS
Exploits 0 | References 4