PT-2026-3382

A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. The manipulation leads to integer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used...

SUSE CVE-2025-71139

In the Linux kernel, the following vulnerability has been resolved: kernel/kexec: fix IMA when allocation happens in CMA area Bug description When I tested kexec with the latest kernel, I ran into the following warning: 40.712410 ------------ cut here ------------ 40.712576 WARNING: CPU: 2 PID:...

CVE-2025-65118 AVEVA Process Optimization Uncontrolled Search Path Element

The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server...

MiracleLinux 4 : libvirt-0.10.2-62.2.0.1.AXS4 (AXSA:2018-3118:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3118:02 advisory. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load Tenable has extracted the...

MiracleLinux 4 : libvirt-0.10.2-64.1.0.1.AXS4 (AXSA:2019-3887:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3887:01 advisory. Security Fix - Microarchitectural Store Buffer Data Sampling MSBDS: Store Buffer CVE-2018-12126 - Microarchitectural Load Port Data Sampling MLDPDS:...

MiracleLinux 7 : libvirt-3.9.0-14.5.0.1.el7.AXS7 (AXSA:2018-3138:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3138:01 advisory. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load Tenable has extracted the...

CVE-2026-21911

CVE-2026-21911 affects Juniper Networks Junos OS Evolved via an Incorrect Calculation in the Layer 2 Control Protocol Daemon (l2cpd). An unauthenticated, network-adjacent attacker can flap the management interface to disrupt MAC learning over label-switched interfaces (LSI). Impact described in t...

Notepad++ Plugin Persistence

This module create persistence by adding a malicious plugin to Notepad++, as it blindly loads and executes DLL from its plugin directory on startup, meaning that the payload will be executed every time Notepad++ is launched. Module Options msf use exploit/windows/persistence/notepadppplugin msf...

CVE-2025-68767

In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk syzbot is reporting that SIFMT bits of inode-imode can become bogus when the SIFMT bits of the 16bits "mode" field loaded from disk are corrupted. According to 1, the permissions...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002555)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002555 advisory. Microarchitectural Load Port Data Sampling MLPDS: Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003164)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003164 advisory. Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 committed on April 14,...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002751)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002751 advisory. The loadsegmentdescriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a MOV SS, NULL selector instruction, which...

CVE-2026-22036

Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...

CVE-2025-70968

FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE...

CVE-2025-71139

In the Linux kernel, the following vulnerability has been resolved: kernel/kexec: fix IMA when allocation happens in CMA area Bug description When I tested kexec with the latest kernel, I ran into the following warning: 40.712410 ------------ cut here ------------ 40.712576 WARNING: CPU: 2 PID:...

Denial-of-Service (DoS)

Marshmallow is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to inefficient processing in Schema.loaddata, many=True, where moderately sized inputs can trigger excessive CPU consumption, allowing attackers to degrade service availability through crafted requests...

CVE-2025-70968

FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE...

MiracleLinux 3 : kernel-2.6.18-128.18.AXS3 (AXSA:2010-285:05)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-285:05 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...

MiracleLinux 4 : bind-dyndb-ldap-1.1.0-0.9.b1.0.1.AXS4 (AXSA:2012-575:02)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-575:02 advisory. This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP serve...

MiracleLinux 4 : gegl-0.1.2-4.AXS4 (AXSA:2012-1027:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-1027:01 advisory. EGL Generic Graphics Library is a graph based image processing framework. GEGLs original design was made to scratch GIMPs itches for a new compositing and...