
54747 matches found

Positive Technologies
added 2026/01/14 12:0 a.m. | 8 views

PT-2026-2974

Mattermost has missing redirect URL validation in github.com/mattermost/mattermost. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...

6.8 AI score
Exploits: 0 | References: 4
Positive Technologies
added 2026/01/14 12:0 a.m. | 7 views

PT-2026-2908

Name of the Vulnerable Software and Affected Versions: AIRTH SMART HOME AQI MONITOR Bootloader version 1.005. Description: An issue allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller Wi-Fi and BLE module on the device. The UART port is...

4.6 CVSS | 6.3 AI score | 0.00153 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2026/01/14 12:0 a.m. | 4 views

CVE-2025-67399

An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller Wi-Fi and BLE module on the device is open to access...

6.2 AI score | 0.00153 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/14 12:0 a.m. | 9 views

PT-2026-2571

Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

5.1 CVSS | 6.9 AI score | 0.00081 EPSS
Exploits: 0 | References: 4
Drupal
added 2026/01/14 12:0 a.m. | 11 views

Microsoft Entra ID SSO Login - Critical - Access bypass - SA-CONTRIB-2026-005

This module enables Drupal sites to authenticate users via Microsoft Entra ID (formerly Azure AD) using OAuth 2.0. The module doesn't sufficiently validate API responses from Microsoft, allowing complete account takeover of any user, including site administrators, without requiring any credentials o...

6.5 CVSS | 5.3 AI score | 0.002 EPSS
Exploits: 0 | References: 3
VulnCheck KEV
added 2026/01/14 12:0 a.m. | 24 views

VulnCheck KEV: CVE-2021-25281

An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master...

9.8 CVSS | 5.8 AI score | 0.72945 EPSS
In wild | Exploits: 5 | References: 2
Positive Technologies
added 2026/01/14 12:0 a.m. | 5 views

PT-2026-2568

Man-in-the-middle attack vulnerability in the Clone module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

5.7 CVSS | 6.9 AI score | 0.00134 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/14 12:0 a.m. | 6 views

MiracleLinux 4 : perl-5.10.1-119.AXS4 (AXSA:2011-570:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-570:01 advisory. Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is...

5 CVSS | 8.1 AI score | 0.08712 EPSS
Exploits: 1 | References: 4
Tenable Nessus
added 2026/01/14 12:0 a.m. | 3 views

MiracleLinux 3 : nss_ldap-253-3.1AXS3 (AXSA:2008-84:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2008-84:01 advisory. Description of problem: The nss_ldap package contains the nss_ldap and pam_ldap modules. The nss_ldap module is a plug-in which allows applications to retrieve...

4.3 CVSS | 5.5 AI score | 0.01164 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2026/01/14 12:0 a.m. | 5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001082)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001082 advisory. Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root...

6 CVSS | 7.2 AI score | 0.0034 EPSS
Exploits: 0 | References: 17
Tenable Nessus
added 2026/01/14 12:0 a.m. | 2 views

MiracleLinux 3 : pam_krb5-2.2.14-15 (AXSA:2010-171:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2010-171:01 advisory. This is pam_krb5, a pluggable authentication module that can be used with Linux-PAM and Kerberos 5. This module supports password checking, ticket creation, an...

5 CVSS | 7.3 AI score | 0.03326 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/14 12:0 a.m. | 5 views

MiracleLinux 4 : perl-DBD-Pg-2.15.1-4.AXS4 (AXSA:2012-750:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-750:01 advisory. An implementation of DBI for PostgreSQL for Perl. Security issues fixed with this release: CVE-2012-1151 No description available at the time of writing, plea...

5 CVSS | 5.5 AI score | 0.02744 EPSS
Exploits: 0 | References: 2
Redos
added 2026/01/14 12:0 a.m. | 5 views

ROS-20260114-7323

A vulnerability in the netem_dequeue function of the net/sched/sch_netem.c module of the net/sched traffic control subsystem of the net/sched kernel of the Linux operating system is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an intruder to affect...

7.8 CVSS | 8.2 AI score | 0.00275 EPSS
Exploits: 0
Tenable Nessus
added 2026/01/14 12:0 a.m. | 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001561)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001561 advisory. An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory becaus...

5.5 CVSS | 6.5 AI score | 0.00366 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2026/01/14 12:0 a.m. | 11 views

PT-2026-2564

Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

6.2 CVSS | 7 AI score | 0.00085 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2026/01/14 12:0 a.m. | 3 views

MiracleLinux 4 : postgresql-8.4.7-1.AXS4.1 (AXSA:2011-38:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-38:01 advisory. PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs including transactions, subselects and...

6.5 CVSS | 6.2 AI score | 0.04621 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/14 12:0 a.m. | 2 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : Google Guest Agent vulnerability (USN-7956-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has a package installed that is affected by a vulnerability as referenced in the USN-7956-1 advisory. Jakub Ciolek discovered that the Go Cryptography module included in Google Guest Agent did not...

5.3 CVSS | 6.8 AI score | 0.00521 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/14 12:0 a.m. | 9 views

MiracleLinux 4 : php-5.3.3-3.AXS4.6 (AXSA:2012-101:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-101:02 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in...

7.5 CVSS | 8.5 AI score | 0.3014 EPSS
Exploits: 2 | References: 2
RedhatCVE
added 2026/01/13 10:52 p.m. | 4 views

CVE-2026-22607

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run is classified as SUSPICIOUS instead of OVERTLY_MALICIOUS. If a user relies on...

9.3 CVSS | 7.1 AI score | 0.0044 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/13 10:52 p.m. | 4 views

CVE-2026-22608

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both ctypes and pydoc modules aren't explicitly blocked. Even other existing pickle scanning tools like picklescan do not block pydoc.locate. Chaining these two together can achieve RCE while the scanner still...

9.3 CVSS | 6.8 AI score | 0.00346 EPSS
Exploits: 0 | References: 1