RHEL 9 : redis (RHSA-2026:26233)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26233 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...
RHEL 8 : hplip (RHSA-2026:26335)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26335 advisory. The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project (HPLIP), which provides drivers for Hewlett-Packard printer...
RHEL 9 : hplip (RHSA-2026:26297)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26297 advisory. The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project (HPLIP), which provides drivers for Hewlett-Packard printer...
Alibaba Cloud Linux 3 : 0159: poppler (ALINUX3-SA-2026:0159)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0159 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-10118: A flaw was found in Poppler's Splas...
RHEL 9 : ruby (RHSA-2026:26312)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26312 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...
RHEL 7 : gimp (RHSA-2026:26168)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26168 advisory. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox,...
Alibaba Cloud Linux 3 : 0152: samba (ALINUX3-SA-2026:0152)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0152 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-3012: A flaw was found in Sambas...
RHEL 10 : hplip (RHSA-2026:26228)
The remote Red Hat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26228 advisory. The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project (HPLIP), which provides drivers for Hewlett-Packard printe...
Apache CXF < 4.1.7 / 4.2.x < 4.2.2 Multiple Vulnerabilities
The version of Apache CXF installed on the remote host is prior to 4.1.7 or 4.2.x prior to 4.2.2. It is, therefore, affected by multiple vulnerabilities, including: - A JNDI Injection vulnerability in the JCA integration module allows code execution if an attacker can manipulate the JCA deploymen...
RHEL 8 : python3.11 (RHSA-2026:26187)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26187 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API
The safeevalexpression function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes gi_frame, f_back, f_builtins do NOT start with underscore, enabling a complete sandbox escape to achieve arbitrary...
Crawl4AI: Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS Execution
Multiple security vulnerabilities in the Crawl4AI Docker API server affecting endpoints for crawling, markdown/LLM extraction, screenshots, PDFs, webhooks, monitoring, JavaScript execution, and configuration...
PT-2026-49807
In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
Security Bulletin: NVIDIA NeMo - June 2026
NVIDIA has released a software update for NVIDIA® NeMo Framework. To protect your system, clone or update this software to version 2.7.3 or later from the NVIDIA-NeMo/NeMo GitHub repo. Go to NVIDIA Product Security. Details The following table summarizes the potential vulnerabilities that this...
CVE-2026-12161
CVE-2026-12161 affects Devolutions Remote Desktop Manager 2026.2.7. The flaw is in the SSH Elevate Shell feature, where improper input validation allows an authenticated user (with permission to create/modify a shared SSH entry) to run arbitrary commands on a remote SSH host using stored elevatio...
CVE-2026-48853
Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code...
CVE-2026-48723 BrowserStack Cypress CLI: Command Injection via cypress_config_file leads to arbitrary code execution through malicious browserstack.json
The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile function constructs a shell...
EUVD-2026-37015
Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code...
EEF-CVE-2026-48853 Remote code execution and denial of service via unsafe Erlang term deserialization in elixir-grpc/grpc
Summary Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote...
CVE-2026-48853
CVE-2026-48853 affects the elixir-grpc/grpc stack where the Erlpack codec decodes gRPC payloads with :erlang.binary_to_term/1 without safety bounds. This leads to untrusted data deserialization, atom creation risk (atom table exhaustion) and potential remote code execution if a malicious term rea...