RHEL 7 : perl-YAML-Syck (RHSA-2026:8311)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:8311 advisory. This module provides a Perl interface to the libsyck data serialization library. It exports the Dump and Load functions for converting Perl data...
Linux Distros Unpatched Vulnerability : CVE-2026-20031
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) conditi...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007228)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007228 advisory. In the Linux kernel, the following vulnerability has been resolved: "tipc: wait and exit until all work queues are done". On some host, a crash could be triggered simpl...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007337)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007337 advisory. In the Linux kernel, the following vulnerability has been resolved: "nbd: call genl_unregister_family() first in nbd_cleanup()". Otherwise there may be race between module...
BIT-PYTHON-2026-5713 Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target
The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via t...
[SECURITY] Fedora 44 Update: pam-kwallet-6.6.4-1.fc44
PAM module for KWallet...
[SECURITY] Fedora 44 Update: kscreen-6.6.4-1.fc44
KCM and KDED modules for managing displays in KDE...
[SECURITY] Fedora 44 Update: kf6-kidletime-6.25.0-1.fc44
KDE Frameworks 6 Tier 1 integration module for idle time detection...
[SECURITY] Fedora 44 Update: kf6-kiconthemes-6.25.0-1.fc44
KDE Frameworks 6 Tier 3 integration module with icon themes...
[SECURITY] Fedora 44 Update: kf6-knewstuff-6.25.0-1.fc44
KDE Frameworks 6 Tier 3 module for downloading and sharing additional application data like plugins, themes, motives, etc...
[SECURITY] Fedora 44 Update: kf6-knotifyconfig-6.25.0-1.fc44
KDE Frameworks 6 Tier 3 module for KNotify configuration...
[SECURITY] Fedora 44 Update: kf6-kauth-6.25.0-1.fc44
KDE Frameworks 6 module to perform actions as privileged user...
[SECURITY] Fedora 44 Update: aurorae-6.6.4-1.fc44
Aurorae is a themeable window decoration for KWin. It supports theme files consisting of several SVG files for decoration and buttons. Themes can be installed and selected directly in the configuration module of KWin decorations. Please have a look at theme-description on how to write a theme fil...
SUSE CVE-2026-40959
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod...
GHSA-45Q2-GJVG-7973 Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server
Impact: A Server-Side Request Forgery (SSRF) vulnerability exists in @angular/platform-server due to improper handling of URLs during Server-Side Rendering (SSR). When an attacker sends a request such as `GET /\evil.com/ HTTP/1.1`, the server engine (Express, etc.) passes the URL string to Angular’s...
perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files
A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...
Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox
Summary: A Server-Side Request Forgery (SSRF) protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTP_DENY_LIST for axios and node-fetch libraries, the built-in Node.js http, https, and net modules are allowed in the NodeVM sandb...
GHSA-XHMJ-RG95-44HV Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox
Summary: A Server-Side Request Forgery (SSRF) protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTP_DENY_LIST for axios and node-fetch libraries, the built-in Node.js http, https, and net modules are allowed in the NodeVM sandb...
EUVD-2026-23275
Silverstripe Assets Module has a DBFile::getURL permission bypass...