PT-2026-45022

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.4 Description NodeVM allows the exclusion of public network builtins from the wildcard builtin option, which blocks direct access to modules such as 'http', 'https', 'http2', 'net', 'dgram', 'tls', 'dns', and...

SUSE SLES16 Security Update : nginx (SUSE-SU-2026:21832-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21832-1 advisory. This update for nginx fixes the following issues - CVE-2026-27651: denial of service via undisclosed requests when the...

CVE-2026-46821

Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite component: Common Components. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVE-2026-46820

Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite component: Common Components. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVE-2026-46104

A flaw was found in the Linux kernel's SELinux Security-Enhanced Linux socket permission helpers. In configurations where multiple Linux Security Modules LSMs are active, the system may incorrectly access socket security data. This can lead to invalid security identifiers SIDs and class values...

EUVD-2026-33044

Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite component: Common Components. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVE-2026-46821

Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite component: Common Components. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

EUVD-2026-33043

Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite component: Common Components. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVE-2026-46820

Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite component: Common Components. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

python3.9 security update

An update is available for python3.9. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming language...

RLSA-2026:19216 Important: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

EUVD-2026-32863

In the Linux kernel, the following vulnerability has been resolved: selinux: use sk blob accessor in socket permission helpers SELinux socket state lives in the composite LSM socket blob. sockhasperm and nlmsgsockhasextendedperms currently dereference sk-sksecurity directly, which assumes the...

CVE-2026-46104

In the Linux kernel, the following vulnerability has been resolved: selinux: use sk blob accessor in socket permission helpers SELinux socket state lives in the composite LSM socket blob. sockhasperm and nlmsgsockhasextendedperms currently dereference sk-sksecurity directly, which assumes the...

CVE-2026-46104 selinux: use sk blob accessor in socket permission helpers

In the Linux kernel, the following vulnerability has been resolved: selinux: use sk blob accessor in socket permission helpers SELinux socket state lives in the composite LSM socket blob. sockhasperm and nlmsgsockhasextendedperms currently dereference sk-sksecurity directly, which assumes the...

BIT-JOOMLA-2026-25900 Joomla! Core - [20260501] - XSS in feed modules

Lack of output escaping leads to a XSS vector in the feed modules...

PT-2026-44517

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Financials Common Modules versions 12.2.3 through 12.2.15 Description An issue in the Common Components component of Oracle Financials Common Modules allows a low privileged attacker with network access via HTTP ...

RHEL 9 : python3.9 (RHSA-2026:21682)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21682 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

PT-2026-44516

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Financials Common Modules versions 12.2.3 through 12.2.15 Description An issue in the Common Components of the Oracle Financials Common Modules allows a low privileged attacker with network access via HTTP to...

CVE-2026-8360 Gladinet Triofox Unchecked Return Value to NULL Pointer Dereference DOS

Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface in various DLLs i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll can return a NULL pointer i.e., when no user is logged into the Triofox Server Agent Management Console. The returned NULL pointer is not checked before being...

EUVD-2026-31959

A flaw has been found in itsourcecode Student Transcript Processing System 1.0. This vulnerability affects unknown code of the file /admin/modules/student/trans.php. Executing a manipulation of the argument studentId/cid can lead to sql injection. The attack can be launched remotely. The exploit...