Lucene search
54744 matches found

Tenable Nessus
added 2026/01/16 12:0 a.m. | 4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004237)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004237 advisory. A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module,...

CVSS 5.5 | AI score 6.7 | EPSS 0.00491
Exploits 1 | References 7

Tenable Nessus
added 2026/01/16 12:0 a.m. | 10 views

MiracleLinux 7 : rh-php56-php-5.6.5-8.el7 (AXSA:2016-140:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-140:02 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers...

CVSS 10 | AI score 9.3 | EPSS 0.46801
Exploits 8 | References 13

Tenable Nessus
added 2026/01/16 12:0 a.m. | 4 views

MiracleLinux 3 : krb5-1.6.1-80.AXS3 (AXSA:2014-537:02)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-537:02 advisory. Description : Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practi...

CVSS 8.5 | AI score 7.2 | EPSS 0.08085
Exploits 0 | References 2

Tenable Nessus
added 2026/01/16 12:0 a.m. | 9 views

MiracleLinux 4 : httpd24-httpd-2.4.25-9.AXS4 (AXSA:2017-1637:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1637:01 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Security issues fixed with this release: CVE-2016-0736 RESERVED This...

CVSS 7.5 | AI score 6.8 | EPSS 0.7907
Exploits 8 | References 6

Tenable Nessus
added 2026/01/16 12:0 a.m. | 9 views

MiracleLinux 4 : httpd-2.2.15-31.0.1.AXS4 (AXSA:2014-468:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-468:02 advisory. Description : The Apache HTTP Server is a powerful, efficient, and extensible web server. Security issues fixed with this release: CVE-2014-0118 The...

CVSS 6.8 | AI score 7.7 | EPSS 0.85744
Exploits 5 | References 4

Tenable Nessus
added 2026/01/16 12:0 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000662)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000662 advisory. The request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of...

CVSS 4.9 | AI score 5.3 | EPSS 0.0041
Exploits 0 | References 13

Tenable Nessus
added 2026/01/16 12:0 a.m. | 2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004422)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004422 advisory. In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module in drivers/media/rc/serial_ir.c. Tenable has extracted the preceding description blo...

CVSS 7.8 | AI score 6.9 | EPSS 0.00378
Exploits 0 | References 7

Tenable Nessus
added 2026/01/16 12:0 a.m. | 4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001012)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001012 advisory. The evm_update_evmxattr function in security/integrity/evm/evm_crypto.c in the Linux kernel before 3.7.5, when the Extended Verification Module (EVM) is enabled, allows...

CVSS 6.2 | AI score 5.7 | EPSS 0.00357
Exploits 0 | References 8

Tenable Nessus
added 2026/01/16 12:0 a.m. | 4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001471)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001471 advisory. kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel modul...

CVSS 7.8 | AI score 6.5 | EPSS 0.00246
Exploits 0 | References 4

Tenable Nessus
added 2026/01/16 12:0 a.m. | 7 views

MiracleLinux 7 : rh-php56-php-5.6.5-9.el7 (AXSA:2016-623:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-623:03 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in...

CVSS 8.1 | AI score 7.1 | EPSS 0.50427
Exploits 0 | References 2

Circl
added 2026/01/15 11:54 p.m. | 4 views

CVE-2025-34442

creationtimestamp| type| source ---|---|--- 2026-01-15 23:54:26+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/avideonotifyffmpegunauthrce.rb 2026-01-16 21:03:03+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mckypdx2ay22...

CVSS 7.5 | AI score 5.6 | EPSS 0.00731
Exploits 2 | References 2

CVE
added 2026/01/15 11:25 p.m. | 16 views

CVE-2021-47779

Dolibarr ERP-CRM 14.0.2 is affected by a stored cross-site scripting (XSS) vulnerability in the ticket creation module. The issue allows a low-privilege user to inject JavaScript that can be executed when an administrator copies the crafted ticket text, with potential privilege escalation. Techni...

CVSS 8.4 | AI score 5.7 | EPSS 0.00309
Exploits 1 | References 4 | Affected Software 1

NVD
added 2026/01/15 9:16 p.m. | 5 views

CVE-2026-21917

An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX device configured for UTM Web-Filtering receives a specifical...

CVSS 8.7 | EPSS 0.00375
Exploits 0 | References 2

NVD
added 2026/01/15 9:16 p.m. | 5 views

CVE-2025-70892

Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user management module. The application fails to properly validate user-supplied input in the username parameter of the add-users.php endpoint...

CVSS 9.8 | EPSS 0.00414
Exploits 2 | References 2

EUVD
added 2026/01/15 8:28 p.m. | 5 views

EUVD-2026-2685

An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX Series device configured for DNS processing, receives a specifically formatted DNS request flowd will...

CVSS 8.7 | AI score 6.3 | EPSS 0.00438
Exploits 0 | References 3

Vulnrichment
added 2026/01/15 8:27 p.m. | 7 views

CVE-2026-21917 Junos OS: SRX Series: Specifically malformed SSL packet causes FPC crash

An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX device configured for UTM Web-Filtering receives a specifical...

CVSS 8.7 | AI score 6.4 | EPSS 0.00375
Exploits 0 | References 2

Cvelist
added 2026/01/15 8:27 p.m. | 25 views

CVE-2026-21917 Junos OS: SRX Series: Specifically malformed SSL packet causes FPC crash

An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX device configured for UTM Web-Filtering receives a specifical...

CVSS 8.7 | EPSS 0.00375
Exploits 0 | References 2

Github Security Blog
added 2026/01/15 8:14 p.m. | 9 views

Pepr Has Overly Permissive RBAC ClusterRole in Admin Mode

Severity: LOW Target: /workspace/pepr/src/lib/assets/rbac.ts Endpoint: Kubernetes RBAC configuration Method: Deployment Response / Rationale Pepr defaults to rbacMode: "admin" because the initial experience is designed to be frictionless for new users. This mode ensures that users can deploy and...

CVSS 4.3 | AI score 6.6 | EPSS 0.00227
Exploits 0 | References 6 | Affected Software 1

Vulnrichment
added 2026/01/15 4:27 p.m. | 5 views

CVE-2026-22265 Roxy-WI has a Command Injection via grep parameter in logs.py allows authenticated RCE

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...

CVSS 7.5 | AI score 7.5 | EPSS 0.02117
Exploits 1 | References 3

OSV
added 2026/01/15 4:16 p.m. | 4 views

CVE-2021-47769

Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent...

CVSS 4.8 | AI score 5.8 | EPSS 0.00252
Exploits 1 | References 3