ROS-20260529-73-0005

The vulnerability of the pngsettRNS and pngsetPLTE functions in the LIBPNG library is related to improper memory management during data deallocation. Exploiting this vulnerability may allow a remote attacker to gain access to the freed memory area, which could lead to the execution of arbitrary...

ROS-20260529-73-0006

The vulnerability of the pngsettRNS and pngsetPLTE functions in the LIBPNG library is related to improper memory management during data deallocation. Exploiting this vulnerability may allow a remote attacker to gain access to the freed memory area, which could lead to the execution of arbitrary...

ROS-20260529-73-0007

The vulnerability of the pngsettRNS and pngsetPLTE functions in the LIBPNG library is related to improper memory management during data deallocation. Exploiting this vulnerability may allow a remote attacker to gain access to the freed memory area, which could lead to the execution of arbitrary...

ROS-20260529-73-0008

The vulnerability of the pngsettRNS and pngsetPLTE functions in the LIBPNG library is related to improper memory management during data deallocation. Exploiting this vulnerability may allow a remote attacker to gain access to the freed memory area, which could lead to the execution of arbitrary...

ROS-20260529-73-0010

The vulnerability of JavaScript script handlers in Mozilla Firefox, Firefox ESR, and the email client Thunderbird lies in the issue of writing beyond the buffer boundaries in memory during the processing of Promise objects. Exploiting this vulnerability allows a malicious actor to execute arbitra...

CVE-2026-39292

Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module that allows remote attackers to upload arbitrary files and achieve remote code execution. The vulnerability exists due to insufficient validation of uploaded file types...

📄 WordPress Quick Playground 1.3.1 Shell Upload

Quick Playground for WordPress plugin versions 1.3.1 and below suffers from a remote shell upload vulnerability. Exploit Title: Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2026-05-22 Exploit Author: cardosource Vendor Homepage:...

Linux Distros Unpatched Vulnerability : CVE-2026-9978

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Glic in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-10022

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary cod...

Ubuntu 25.10 / 26.04 LTS : Papers vulnerability (USN-8321-1)

The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8321-1 advisory. It was discovered that Papers incorrectly handled PDF /GoToR actions. If a user were tricked into opening a specially crafted PDF file, an attacker could...

Oracle Linux 8 : flatpak (ELSA-2026-21756)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-21756 advisory. 1.12.9-4 - Fix arbitrary code execution via crafted symlinks in sandbox-expose options Resolves: RHEL-165633 - Fix arbitrary file deletion on host via...

📄 Langflow 1.3.0 Remote Code Execution

Langflow contains a remote code execution caused by inclusion of functionality from untrusted control sphere in the execglobals parameter at the validate endpoint, letting remote attackers execute arbitrary code as root, exploit requires no authentication. Exploit Title: Langflow 1.3.0 - Remote...

PT-2026-44769

Name of the Vulnerable Software and Affected Versions Acer Predator Connect W6x versions prior to W6x GBL 2.00.000008 Description Crafted MQTT messages can trigger command injection, allowing for root-level remote code execution on the target device without requiring authentication. Recommendatio...

CVE-2026-39292

Summary: Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module, allowing remote attackers to upload arbitrary files and achieve remote code execution. Root cause: insufficient validation of uploaded file types and executabl...

📄 Wing FTP Server 8.1.3 Remote Code Execution

Wing FTP Server version 8.1.2 contains a remote code execution vulnerability in the session serialization mechanism. An authenticated administrator can inject arbitrary Lua code through the domain admin mydirectory basefolder field, which gets executed server-side via loadfile. Exploit Title: Win...

RockyLinux 10 : edk2 (RLSA-2026:18465)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18465 advisory. edk2: EDK2: Improper Input Validation allows arbitrary command execution CVE-2025-2296 Tenable has extracted the preceding description block directly from the...

AlmaLinux 8 : cockpit (ALSA-2026:21700)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:21700 advisory. cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI CVE-2026-4802 Tenable has extracted the preceding description block directly fro...

Linux Distros Unpatched Vulnerability : CVE-2026-9992

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-9896

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-9999

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in ANGLE in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a...