
308098 matches found

Tenable Nessus
added 4 days ago, 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-11788

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an...

CVSS 7.5 | AI score 5.5 | EPSS 0.00088
Exploits: 0 | References: 4
Zero Day Initiative
added 4 days ago, 6 views

Progress Software Kemp LoadMaster dolistapikeys Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the dolistapikeys method. The issue results from the lack of proper...

CVSS 7.2 | AI score 8.2 | EPSS 0.00438
Exploits: 0 | References: 1
Positive Technologies
added 4 days ago, 7 views

PT-2026-47776

A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation...

CVSS 1.9 | AI score 5.6 | EPSS 0.0001
Exploits: 0 | References: 4
Positive Technologies
added 4 days ago, 6 views

PT-2026-48264

Name of the Vulnerable Software and Affected Versions: Acrobat Reader versions prior to 26.001.21652. Description: An out-of-bounds read issue occurs when the software processes a malicious file, which can lead to the disclosure of sensitive memory information or cause a denial of service...

CVSS 5.5 | AI score 5.3 | EPSS 0.00022
Exploits: 0 | References: 3
Tenable Nessus
added 4 days ago, 4 views

RHEL 8 : thunderbird (RHSA-2026:24718)

The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:24718 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Memory safety bugs fixed in Firefox ES...

CVSS 9.6 | AI score 6 | EPSS 0.00054
Exploits: 0 | References: 10
Positive Technologies
added 4 days ago, 7 views

PT-2026-48303

Name of the Vulnerable Software and Affected Versions: MongoDB, affected versions not specified. Description: An issue exists in the $_internalApplyOplogUpdate aggregation pipeline stage where an authenticated user with access to the aggregate command can execute a document diff containing a malforme...

CVSS 8.1 | AI score 5.6 | EPSS 0.00063
Exploits: 0 | References: 3
Positive Technologies
added 4 days ago, 7 views

PT-2026-47529

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP, affected versions not specified; SAP ABAP Platform, affected versions not specified. Description: Improper RFC Remote Procedure Call protocol validation in the SAP Kernel allows an unauthenticated attacker to...

CVSS 9.8 | AI score 5.5 | EPSS 0.00042
Exploits: 0 | References: 15
Packet Storm News
added 4 days ago, 3 views

FreeBSD Security Advisory - FreeBSD-SA-26:29.ip6_multicast

FreeBSD Security Advisory - The kernel handler for IPV6_MSFILTER dropped a serializing lock in order to copy the source-filter list from userspace, then reacquired the lock. During this window another thread could free the multicast filter structure, leaving the handler with a stale pointer to fre...

AI score 5.5
Exploits: 0
Zero Day Initiative
added 4 days ago, 5 views

Progress Software Kemp LoadMaster apiuser Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the apiuser parameter provided to the accessv2 endpoin...

CVSS 9.8 | AI score 7.8 | EPSS 0.00438
Exploits: 0 | References: 1
FreeBSD
added 4 days ago, 3 views

FreeBSD -- Arbitrary file overwrite via the KTLS receive path

Problem Description: The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile(2), which can reference file-backed memory directly through non-anonymous...

AI score 5.5
Exploits: 0
FreeBSD
added 4 days ago, 3 views

FreeBSD -- Multiple vulnerabilities in the sound(4) mmap path

Problem Description: The sound(4) driver contained two memory-safety errors in its mmap(2) support. First, dsp_mmap_single validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This addition could overflow, so that a large offset and length...

AI score 5.8
Exploits: 0
Adobe
added 4 days ago, 32 views

APSB26-63 : Security update available for Adobe Acrobat Reader

Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, application denial-of-service, and memory exposure...

AI score 5.8
Exploits: 0 | Affected Software: 3
Positive Technologies
added 4 days ago, 6 views

PT-2026-48128

Name of the Vulnerable Software and Affected Versions: AMD uProf, affected versions not specified. Description: Improper access control in AMD uProf allows a local attacker with user privileges to write to the kernel-shared memory section. This issue involves a kernel write primitive in the...

CVSS 6.8 | AI score 5.5 | EPSS 0.00014
Exploits: 0 | References: 3
Positive Technologies
added 4 days ago, 5 views

PT-2026-48322

When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError. Affected versions: Spring for Apache Kafka 4.0.0...

CVSS 6.5 | AI score 5.4 | EPSS 0.0004
Exploits: 0 | References: 2
Tenable Nessus
added 4 days ago, 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-11669

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in Media in Google Chrome on ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain...

CVSS 5.3 | AI score 5.6 | EPSS 0.00028
Exploits: 0 | References: 2
Tenable Nessus
added 4 days ago, 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-46322

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tun: free page on build_skb failure in tun_xdp_one. When build_skb fails in tun_xdp_one, the function sets ret to -ENOMEM and jumps to the out label, which returns...

AI score 5.5 | EPSS 0.00018
Exploits: 0 | References: 4
Tenable Nessus
added 4 days ago, 5 views

RHEL 8 : firefox (RHSA-2026:24755)

The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:24755 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

CVSS 9.8 | AI score 5.6 | EPSS 0.00024
Exploits: 0 | References: 8
Adobe
added 4 days ago, 7 views

APSB26-58 : Security update available for Adobe InDesign

Adobe has released a security update for Adobe InDesign. This update addresses critical and important vulnerabilities that could lead to arbitrary code execution, application denial-of-service, and memory exposure...

AI score 5.8
Exploits: 0 | Affected Software: 1
Positive Technologies
added 4 days ago, 7 views

PT-2026-47689

A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the header into a fixed-size buffer using a bounded copy that does not guarantee NUL termination when the...

CVSS 9.8 | AI score 6 | EPSS 0.00155
Exploits: 0 | References: 2
Packet Storm News
added 4 days ago, 2 views

FreeBSD Security Advisory - FreeBSD-SA-26:27.sound

FreeBSD Security Advisory - The sound(4) driver contained two memory-safety errors in its mmap(2) support. First, dsp_mmap_single validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This addition could overflow, so that a large offset and...

AI score 5.7
Exploits: 0