590558 matches found
PT-2026-44492
Name of the Vulnerable Software and Affected Versions Portainer CE affected versions not specified Description Insecure default settings grant regular non-administrative users privileges that allow access to the host filesystem and host-level code execution. An authenticated user with endpoint...
PT-2026-44553
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/block id/execute endpoint executes blocks without consuming any credits, regardless of the user's balance. The credit check that exists in t...
📄 WebFileSys 2.31.1 Cross Site Scripting
WebFileSys version 2.31.1 suffers from multiple cross site scripting vulnerabilities. CVE-2026-29971 An attacker can execute arbitrary JavaScript in the victim's browser, potentially leading to session hijacking or privilege escalation. CVE-2026-29971 Vulnerability Reflected Cross-Site Scripting...
PT-2026-44371
An issue in SMSGate sms-core=2.1.13.6 allows a remote attacker to execute arbitrary code via the Cmpp7FDeliverRequestMessageCodec.java component...
RHEL 10 : httpd (RHSA-2026:21433)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21433 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxyajp:...
Apache CXF < 3.6.11 / 4.0.x < 4.1.6 / 4.2.x < 4.2.1 Multiple Vulnerabilities
The version of Apache CXF installed on the remote host is affected by multiple vulnerabilities: - The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted use...
Debian dsa-6307 : kitty - security update
The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6307 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6307-1 [email protected] https://www.debian.org/securit...
AlmaLinux 10 : httpd (ALSA-2026:21433)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21433 advisory. httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read due...
Linux Distros Unpatched Vulnerability : CVE-2026-49014
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry...
Langflow < 1.7.0 CORS Misconfiguration Account Takeover and RCE (CVE-2025-34291)
The version of Langflow installed on the remote host is prior to 1.7.0. It is, therefore, affected by a remote code execution vulnerability: - An overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origi...
Linux Distros Unpatched Vulnerability : CVE-2026-24193
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out- of-bounds write. A successful exploit of this...
PT-2026-44197
Name of the Vulnerable Software and Affected Versions RPM affected versions not specified Description A command injection issue exists in the rpmuncompress utility. When extracting ZIP, 7z, or GEM archive formats to a destination directory, the tool fails to sanitize the top-level folder name...
Canonical Ubuntu Linux 安全漏洞
Canonical Ubuntu Linux is a Linux operating system developed by the British company Canonical. The Canonical Ubuntu Linux 6.8 version contained a security vulnerability. This vulnerability stemmed from the lack of lock acquisition when modifying linked lists, which could lead to race conditions...
TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within th...
PT-2026-44695
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description Insufficient validation of untrusted input in WebAppInstalls allows a local attacker to execute arbitrary code via a malicious file. Recommendations Update Google Chrome on...
PT-2026-44176
This vulnerability in Veeam Service Provider Console allows for remote code execution...
CVE-2026-30761
An arbitrary file upload vulnerability in the pages/admin.uploadmapimg.php component of SourceBans Material Admin v1.1.6 allows attackers to execute arbitrary code via uploading a crafted image file...
PT-2026-44664
Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 148.0.7778.216 Description A use after free issue allows a remote attacker to execute arbitrary code via a crafted HTML page. This exploitation requires the attacker to convince a user to perform specific...
TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within th...
CVE-2026-37266
An issue in Responsive File Manager Responsive FileManager Version 9.14.0 allows a remote attacker to execute arbitrary code via the forcedownload.php component...