CVE-2023-42346

CVE-2023-42346 affects Alkacon OpenCms before version 16, where an external-hosted DOCTYPE can trigger a server-side XML External Entity (XXE) vulnerability. The root cause is improper handling of external entities in XML processing, leading to potential exposure of confidential data (CVSS 3.1 ba...

Linux Distros Unpatched Vulnerability : CVE-2026-43396

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Fix user fence leak on alloc failure When dmafencechainalloc fails, properly...

Linux Distros Unpatched Vulnerability : CVE-2026-43471

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: ufs: core: Fix possible NULL pointer dereference in ufshcdaddcommandtrace The kernel log indicates a crash in ufshcdaddcommandtrace, due to a NULL pointer...

PT-2026-39191

Name of the Vulnerable Software and Affected Versions VM2 affected versions not specified Description A sandbox breakout allows attackers to execute arbitrary commands on the host system. The issue occurs because the neutralizeArraySpeciesBatch function interacts with objects from an external...

PT-2026-39014

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the HCI DMA dequeue path within the hci dma dequeue xfer function. This function, which is not serialized, can be invoked for multiple transfers that timeout...

Linux Distros Unpatched Vulnerability : CVE-2025-71302

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/panthor: fix for dma-fence safe access rules Commit 506aa8b02a8d6 dma-fence: Add safe access helpers and document the rules details the dma-fence safe acces...

zrok 路径遍历漏洞

Zrok is a secure internet sharing tool developed by OpenZiti. Versions of Zrok prior to 2.0.2 contained a path traversal vulnerability. This vulnerability stemmed from the WebDAV driver’s backend, which restricted path traversal through lexical normalization but did not prevent symbolic links fro...

Linux Distros Unpatched Vulnerability : CVE-2026-43452

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: xtables: guard option walkers against 1-byte tail reads When the last byte of options is a non-single-byte option kind, walkers that advance with i +...

Linux Distros Unpatched Vulnerability : CVE-2026-43409

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kprobes: avoid crash when rmmod/insmod after ftrace killed After we hit ftrace is killed by some errors, the kernel crash if we remove modules in which kprobe...

Linux Distros Unpatched Vulnerability : CVE-2026-43296

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - octeontx2-af: Workaround SQM/PSE stalls by disabling sticky NIX SQ manager sticky mode is known to cause stalls when multiple SQs share an SMQ and transmit...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability arises from the USB Legacy NCM driver, which delays the allocation of netdevice in gncmbind, and fail...

PT-2026-39093

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the xhci disable slot function. The xhci alloc command function allocates a command structure and, in certain cases, a completion structure. The error handling pa...

CVE-2026-8034

A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...

External Control of File Name or Path

Overview apm-cli is a MCP configuration tool Affected versions of this package are vulnerable to External Control of File Name or Path through improper validation of manifest-controlled paths in the plugin.json file during the installation process. An attacker can cause arbitrary files or...

GHSA-XHRW-5QXX-JPWR Microsoft APM CLI's plugin.json component paths escape plugin root and copy arbitrary host files during install

Summary Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are attacker-controlled, but the implementation does not enforce that those paths remain inside the plugin directory. A...

CVE-2026-7875

NanoClaw version 1.2.0 and prior contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messagesout.id and...

CVE-2026-41905

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl but then re-validates the original URL instead of the final redirect destination. An...

CVE-2026-26956

A flaw was found in vm2, an open-source sandbox for Node.js. An attacker can exploit this vulnerability by running malicious code within the VM.run function, allowing them to escape the sandbox and gain access to the host process. This can lead to arbitrary code execution on the host system,...

Important: Red Hat Security Advisory: buildah security update

An update for buildah is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

MAL-2026-3368 Malicious code in yc-depconf-test-807dff (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fe18d1e58fe7fbcd1a68dc26d47c9fa27f9678cf4bc50e3aa4ad35b16d0f85ce Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...