Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Mistral vulnerability (USN-8422-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8422-1 advisory. Eduardo Gonzalez Gutierrez and Arnaud Morin discovered that Mistral did not properly enforce access policies on some API endpoints...

RockyLinux 9 : samba (RLSA-2026:25049)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25049 advisory. samba: Missing access check on reparse point operations CVE-2026-1933 samba: vfsworm does not block directory modification CVE-2026-2340 samba: group...

Adobe Substance 3D Sampler <= 6.0.0 Multiple Arbitrary Code Execution Vulnerabilities (APSB26-60)

The version of Adobe Substance 3D Sampler installed on the remote host is prior or equal to 6.0.0. It is, therefore, affected by multiple out-of-bounds write vulnerabilities as referenced in the APSB26-60 advisory. - Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bound...

Ivanti Sentry < R10.5.2 / R10.6.2 / R10.7.1 Multiple Vulnerabilities

The version of Ivanti Sentry formerly MobileIron Sentry running on the remote host is prior to R10.5.2, R10.6.2, or R10.7.1. It is, therefore, affected by multiple vulnerabilities : - An OS command injection vulnerability allows a remote, unauthenticated attacker to achieve root-level remote code...

RockyLinux 10 : valkey (RLSA-2026:25216)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25216 advisory. redis: use-after-free in unblock client flow may allow remote code execution CVE-2026-23479 redis: Remote code execution via use-after-free in Lua...

Security Updates for Microsoft Word Products C2R (June 2026)

The Microsoft Word Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - Access of resource using incompatible type 'type confusion' in Microsoft Office allows an unauthorized attacker to execute code locally. CVE-2026-45456, CVE-2026-45458 - Untrusted...

Debian dla-4626 : libinput-bin - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4626 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4626-1 [email protected]...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : lwIP vulnerabilities (USN-8423-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8423-1 advisory. It was discovered that lwIP contained a buffer overflow in the EAP authentication handling code. An attacker could...

EulerOS Virtualization 2.13.0 : libtiff (EulerOS-SA-2026-2406)

According to the versions of the libtiff packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the...

PT-2026-49048

Name of the Vulnerable Software and Affected Versions Avira Antivirus versions prior to 8.3.70.76 Description A heap buffer out-of-bounds read occurs in the antivirus engine when scanning a malformed PDF file. This issue may lead to local execution of code or a denial-of-service of the engine...

PT-2026-49047

Name of the Vulnerable Software and Affected Versions Avira Antivirus versions prior to 8.3.70.98 Description A heap buffer out-of-bounds read occurs in the antivirus engine when scanning a malformed Windows PE Portable Executable file. This issue may lead to local execution of code or a...

Security Updates for Microsoft Office Products C2R (June 2026)

The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. CVE-2026-44819, CVE-2026-44824, CVE-2026-45461, CVE-2026-45463,...

RHEL 8 : flatpak (RHSA-2026:25381)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25381 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...

RockyLinux 9 : libyang (RLSA-2026:25051)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:25051 advisory. libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob CVE-2026-44673 Tenable has extracted the preceding...

📄 Gogs 0.14.2 Argument Injection

Proof of concept exploit for an argument injection vulnerability in Gogs versions 0.14.2 and below and versions 0.15.0+dev and below. ================================================================================================================================== | Title : Gogs Git Rebase Argume...

PT-2026-49013

Name of the Vulnerable Software and Affected Versions Avast Antivirus versions prior to VPS 25021310 AVG Antivirus versions prior to VPS 25021310 Norton Antivirus versions prior to VPS 25021310 Avast One versions prior to VPS 25021310 Avast Business Antivirus versions prior to VPS 25021310...

📄 Paperclip AI Remote Code Execution

Paperclip is the operating system for your AI company. You set the goals, hire AI agents as employees, and watch them plan and execute work. Prior to version 2026.410.0, Paperclip allows for unauthenticated remote code execution on any network-accessible instance running in authenticated mode wit...

CVE-2026-42846

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 140, ClipBucket's Remote Play feature allows any authenticated user to add a video by importing an external URL as the source. Some shell commands are run with the URL as a parameter. The URL is concatenated directly...

EUVD-2026-36367

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 140, ClipBucket's Remote Play feature allows any authenticated user to add a video by importing an external URL as the source. Some shell commands are run with the URL as a parameter. The URL is concatenated directly...

CVE-2026-45171

Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager PSM versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletin: CA26-17 and CA26-1...