Linux Distros Unpatched Vulnerability : CVE-2026-41438

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

Microsoft Defender vulnerabilities are being exploited in the wild

Two Microsoft Defender vulnerabilities are being actively exploited in the wild. On May 20, 2026, the Cybersecurity and Infrastructure Security Agency CISA added a notable set of actively exploited vulnerabilities to its Known Exploited Vulnerabilities KEV catalog. The KEV catalog tracks...

Linux Distros Unpatched Vulnerability : CVE-2026-39826

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the...

Linux Distros Unpatched Vulnerability : CVE-2026-43143

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mfd: core: Add locking around 'mfdofnodelist' Manipulating a list in the kernel isn't safe without some sort of mutual exclusion. Add a mutex any time we access...

Linux Distros Unpatched Vulnerability : CVE-2026-35582

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-35582 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenabl...

CVE-2025-59028

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...

CVE-2026-27859

A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed...

CVE-2026-27856

CVE-2026-27856 concerns the doveadm credential verification path, where direct comparison enables a timing oracle to determine configured credentials. The issue affects the doveadm HTTP service component used by Open-Xchange-related deployments, enabling an attacker to infer credentials through t...

Linux Distros Unpatched Vulnerability : CVE-2026-26130

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. CVE-2026-26130 Note that...

Linux Distros Unpatched Vulnerability : CVE-2025-47911

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an...

CVE-2025-43027

A critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative access to the Genetec Security Center system. The Genetec engineering team discovered this issue internally. There is currently no evidence that this...

EUVD-2025-37315

Malicious or unintentional API requests can be used to add significant amount of data to caches. Caches may evict information that is required to operate the web frontend, which leads to unavailability of the component. Please deploy the provided updates and patch releases. No publicly available...

APSB25-96 : Security update available for Adobe Bridge

Adobe has released a security update for Adobe Bridge. This update addresses a critical and important vulnerabilities that could lead to arbitrary code execution and memory exposure. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates...

EUVD-2024-22912

Malicious code in bioql PyPI...

Rockwell Automation Micro800

RISK EVALUATION Successful exploitation of these vulnerabilities could result in remote code execution or may lead to privilege escalation. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...

August Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (Multiple CVEs)

Summary Ivanti has released updates for Ivanti Connect Secure which addresses medium, high, and critical vulnerabilities. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability Details: CVE Number | Description | CVSS Score Severity |...

CBL Mariner 2.0 Security Update: curl / mysql (CVE-2025-0665)

The version of curl / mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-0665 advisory. - libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channe...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-6554link is external Google Chromium V8 Type Confusion Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors an...

CVE-2023-26427

Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known...

Exploring an Untethered, Unified Approach to CTEM

We live in a world where traditional Vulnerability Management VM has become infosec’s version of ‘whack-a-mole’— an attempt to tackle risks that constantly shift, multiply, and morph. As organizations push workloads to the cloud, offer customers digital experiences, or as they build AI-enabled...