
128 matches found

OSV
added 2026/05/18 3:35 p.m., 2 views

GHSA-74R7-3MJM-JC5V eduMFA: Unauthenticated Failcounter Increment on Resolver Tokens via /validate/check

Impact: If the resolver parameter is passed, but the user does not exist, all failcounters of tokens in that resolver will be increased. Patches: This, along with other issues, was fixed in eduMFA v2.9.1. Workarounds: Limiting access to /validate/check to client applications i.e. Shibboleth/FreeRADI...

CVSS 6.5, AI score 5.7
Exploits 0, References 2
Tenable Nessus
added 2026/05/05 12:0 a.m., 5 views

Photon OS 4.0: Linux PHSA-2026-4.0-1008

An update of the linux package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1008. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...

CVSS 7.8, AI score 5.7, EPSS 0.75521
Exploits 227, References 8
AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Rejected duplicate devices during updates. It is possible for a chain/flowtable update to include duplicate devices within the same batch. Unfortunately, the netdev event path only removes the first device...

CVSS 5.5, AI score 5.2, EPSS 0.00202
Exploits 1, References 2
Wired Threat Level
added 2026/05/01 8:30 p.m., 5 views

Dangerous New Linux Exploit Gives Attackers Root Access to Countless Computers

The exploit, dubbed CopyFail and tracked as CVE-2026-31431, allows hackers to take over PCs and data center servers. The Linux vulnerabilities have been patched—but many machines remain at risk...

CVSS 7.8, AI score 6, EPSS 0.75521
Exploits 227
CNNVD
added 2026/04/21 12:0 a.m., 9 views

Oracle Application Development Framework Security Vulnerability

The Oracle Application Development Framework is an enterprise-level application development framework developed by Oracle, a company in the United States. Versions 12.2.1.4.0 and 14.1.2.0.0.0 of the Oracle Application Development Framework contain security vulnerabilities. These vulnerabilities...

CVSS 7.8, AI score 7.2, EPSS 0.00111
Exploits 0, References 2
Positive Technologies
added 2026/04/20 12:0 a.m., 3 views

PT-2026-33842

Name of the Vulnerable Software and Affected Versions: Spinnaker versions prior to 2026.1.0; Spinnaker versions prior to 2026.0.1; Spinnaker versions prior to 2025.4.2; Spinnaker versions prior to 2025.3.2. Description: An issue in the clouddriver pods allows a bad actor to execute arbitrary commands...

CVSS 9.9, AI score 6, EPSS 0.00606
Exploits 0, References 25
Kaspersky
added 2026/04/11 12:0 a.m., 4 views

KLA90977 ACE vulnerability in Adobe Acrobat Reader

A remote code execution vulnerability was found in Adobe Acrobat Reader. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories: APSB26-43. Exploitation: Public exploits exist for this vulnerability. Malware exists for this vulnerability. Usually such malware i...

CVSS 8.6, AI score 8, EPSS 0.07086
Exploits 4, References 5
Microsoft CVE
added 2026/04/03 1:46 a.m., 8 views

Chromium: CVE-2026-5281 Use after free in Dawn

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2026-5281 exists in the wild...

CVSS 8.8, AI score 6, EPSS 0.05492
Exploits 0
RedhatCVE
added 2026/03/26 3:3 p.m., 3 views

CVE-2026-29072

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users who do not belong to the allowed policy creation groups can create functional policy acceptance widgets in posts under the right conditions. Versions 2026.3.0-latest.1, 2026.2.1, an...

CVSS 8.2, AI score 5.7, EPSS 0.00231
Exploits 0, References 1
OSV
added 2026/03/25 11:16 a.m., 0 views

UBUNTU-CVE-2026-23333

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score 5.7, EPSS 0.00024
Exploits 0, References 4
Tenable Nessus
added 2026/03/24 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-29111

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v2...

CVSS 5.5, AI score 5.7, EPSS 0.00121
Exploits 0, References 2
Positive Technologies
added 2026/03/19 12:0 a.m., 3 views

PT-2026-26377

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2026.3.0-latest.1; Discourse versions prior to 2026.2.1; Discourse versions prior to 2026.1.2. Description: Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a...

CVSS 6.9, AI score 5.8, EPSS 0.00306
Exploits 0, References 6
OSV
added 2026/03/12 10:42 a.m., 1 view

ROOT-OS-DEBIAN-12-CVE-2026-27798 CVE-2026-27798 in rootio-imagemagick - Patched by Root

Root has patched CVE-2026-27798 in the rootio-imagemagick package for Root:Debian:12. Multiple fixed versions available...

CVSS 7.1, AI score 5.9, EPSS 0.00137
Exploits 0
Tenable Nessus
added 2026/02/25 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-25799

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV...

CVSS 7.5, AI score 5.9, EPSS 0.00385
Exploits 0, References 2
EUVD
added 2026/02/24 12:12 a.m., 4 views

EUVD-2026-7465

free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when processing a malformed PFCP SessionReportRequest on the PFCP (UDP/8805) interface. No known upstrea...

CVSS 8.7, AI score 5.3, EPSS 0.00302
Exploits 1, References 2
RedhatCVE
added 2026/02/20 7:40 p.m., 5 views

CVE-2026-23621

GFI MailEssentials AI versions prior to 22.4 contain an arbitrary directory existence enumeration vulnerability in the ListServer.IsPathExist web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsPathExist. An authenticated user can supply an unrestricted filesystem path via...

CVSS 5.3, AI score 5.8, EPSS 0.00244
Exploits 0, References 1
SUSE CVE
added 2026/02/18 12:25 a.m., 1 view

SUSE CVE-2026-23129

In the Linux kernel, the following vulnerability has been resolved: dpll: Prevent duplicate registrations. Modify the internal registration helpers dpll_xa_ref_{dpll,pin}_add() to reject duplicate registration attempts. Previously, if a caller attempted to register the same pin multiple times with the sam...

CVSS 5.5, AI score 5.7, EPSS 0.00115
Exploits 0, References 19
NVD
added 2026/02/14 3:16 p.m., 7 views

CVE-2026-23129

In the Linux kernel, the following vulnerability has been resolved: dpll: Prevent duplicate registrations. Modify the internal registration helpers dpll_xa_ref_{dpll,pin}_add() to reject duplicate registration attempts. Previously, if a caller attempted to register the same pin multiple times with the sam...

CVSS 5.5, EPSS 0.00115
Exploits 0, References 3
Kaspersky
added 2026/02/10 12:0 a.m., 2 views

KLA90876 ACE vulnerability in Microsoft Apps

A remote code execution vulnerability was found in Microsoft Apps. Malicious users can exploit this vulnerability to execute arbitrary code, bypass security restrictions. Original advisories: CVE-2026-20841. Exploitation: Public exploits exist for this vulnerability. Malware exists for this...

CVSS 7.8, AI score 6.5, EPSS 0.1165
Exploits 9, References 4
OSV
added 2026/02/03 8:44 a.m., 2 views

BIT-MASTODON-2026-23961 Mastodon may allow a remote suspension bypass

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows server administrators to suspend remote users to prevent interactions. However, some logic errors allow already-known posts from such suspended users to appear in timelines if boosted. Furthermore, under...

CVSS 5.3, AI score 5.5, EPSS 0.00402
Exploits 0, References 5