CVE-2025-63656

CVE-2025-63656 affects the Monkey server (commit f37e984) with an out-of-bounds read in the header_cmp function (mk_server/mk_http_parser.c). Exploitation is sufficient to cause a Denial of Service by receiving a crafted HTTP request. Connected sources (Red Hat advisory, NVD/NVL records, Attacker...

CVE-2026-24748 Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access

Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication checks on the GetConfig API endpoint. This allowed unauthenticated users to access this endpoint by specifying an Authorization header with any non-empty...

RHEL 8 : python3.11 (RHSA-2026:1374)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1374 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

Important: Red Hat Security Advisory: php:8.2 security update

An update for the php:8.2 module is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

SUSE SLES15 / openSUSE 15 Security Update : python-marshmallow (SUSE-SU-2026:0226-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0226-1 advisory. - CVE-2025-68480: Fixed possible DoS when using Schema.loaddata, many=True bsc1255473. Tenable has extracted the preceding...

protobuf affected by a JSON recursion depth bypass

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

OESA-2026-1246 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

Linux Distros Unpatched Vulnerability : CVE-2025-14369

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drflac, an audio decoder within the drlibs toolset, contains an integer overflow vulnerability flaw due to trusting the totalPCMFrameCount field from FLAC...

CVE-2026-23764 VB-Audio Voicemeeter & Matrix Drivers DoS via Corrupted IoAllocateMdl Length

VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively, as well as VB-Audio Matrix and Matrix Coconut versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively, contain a vulnerability in their virtual aud...

CVE-2026-23952

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL Magick Scripting Language parser when processing tags before images are loaded. This can lead to DoS attack due to...

CVE-2025-14369

drflac, an audio decoder within the drlibs toolset, contains an integer overflow vulnerability flaw due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to perform DoS against programs using the tool...

CVE-2025-14369 CVE-2025-14369

drflac, an audio decoder within the drlibs toolset, contains an integer overflow vulnerability flaw due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to perform DoS against programs using the tool...

MiracleLinux 8 : nodejs:14 (AXSA:2021-1568:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1568:01 advisory. nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion CVE-2021-22883 nodejs: DNS rebinding in --inspect CVE-2021-22884 Tenable has...

Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2025-53592)

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following...

MiracleLinux 9 : nodejs-16.20.2-4.el9_3 (AXSA:2024-7625:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7625:01 advisory. nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 Tenable has extracted the preceding description blo...

MiracleLinux 9 : expat-2.5.0-3.el9_5.1 (AXSA:2024-9401:09)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9401:09 advisory. libexpat: expat: DoS via XMLResumeParser CVE-2024-50602 Tenable has extracted the preceding description block directly from the MiracleLinux security advisor...

CVE-2025-69199 Pterodactyl Wings's websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks under certain circumstances

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003797)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003797 advisory. An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect isizewrite properly, which causes an isizeread infinite loop and denial o...

CVE-2025-60003

A Buffer Over-read vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. When an affected device receives a BGP update with a set of specific optional transitive...

USN-7916-2 python-apt regression

USN-7916-1 fixed a vulnerability in python-apt. The update had a PEP 440 incompatible version. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Julian Andres Klode discovered that python-apt incorrectly handled deb822 configuration files. An attacker...