Linux Distros Unpatched Vulnerability : CVE-2026-31391

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: atmel-sha204a - Fix OOM -tfmcount leak If memory allocation fails, decrement -tfmcount to avoid blocking future reads. CVE-2026-31391 Note that Nessus...

Linux Distros Unpatched Vulnerability : CVE-2026-23430

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/vmwgfx: Don't overwrite KMS surface dirty tracker We were overwriting the surface's dirty tracker here causing a memory leak. CVE-2026-23430 Note that Nessu...

Linux Distros Unpatched Vulnerability : CVE-2026-31402

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfsd: fix heap overflow in NFSv4.0 LOCK replay cache The NFSv4.0 replay cache uses a fixed 112-byte inline buffer rpibufNFSD4REPLAYISIZE to store encoded...

Linux Distros Unpatched Vulnerability : CVE-2026-34092

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files...

Linux Distros Unpatched Vulnerability : CVE-2026-34091

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This issue affects MediaWiki: from before 1.43.7,...

Linux Distros Unpatched Vulnerability : CVE-2026-22815

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling...

Linux Distros Unpatched Vulnerability : CVE-2026-35540

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF ...

Linux Distros Unpatched Vulnerability : CVE-2026-35537

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file...

Linux Distros Unpatched Vulnerability : CVE-2026-35387

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is...

Linux Distros Unpatched Vulnerability : CVE-2026-35385

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performe...

CVE-2026-34787

Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion LFI vulnerability exists in admin/plugin.php at line 80. The $plugin parameter from the GET request is directly used in a requireonce path without proper sanitization. If the CSRF token check can ...

CVE-2026-34788 Emlog: SQL Injection in tag_model::updateTagName() via unsanitized parameters

Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/model/tagmodel.php at line 168. The updateTagName function directly interpolates user input into the SQL query string without using parameterized queries or proper escapin...

CVE-2026-34788

Emlog vulnerability CVE-2026-34788 affects the core SQL layer in tag_model.php (updateTagName()). In versions up to 2.6.2, the function directly interpolates user input into SQL without parameterized queries or proper escaping, enabling SQL injection. Impact is high for confidentiality and integr...

CVE-2026-34787

Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion LFI vulnerability exists in admin/plugin.php at line 80. The $plugin parameter from the GET request is directly used in a requireonce path without proper sanitization. If the CSRF token check can ...

CVE-2026-28797

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions 0.24.0 and prior, a Server-Side Template Injection SSTI vulnerability exists in RAGFlow's Agent workflow Text Processing StringTransform and Message components. These components use Python's jinja2.Template unsandbox...

PT-2026-30268

Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/model/tag model.php at line 168. The updateTagName function directly interpolates user input into the SQL query string without using parameterized queries or proper escapi...

Linux Distros Unpatched Vulnerability : CVE-2026-34520

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser the default for most installs accepted nul...

Linux Distros Unpatched Vulnerability : CVE-2026-34036

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. In versions 22.0.4 and prior, there is a Local File...

Linux Distros Unpatched Vulnerability : CVE-2026-23404

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - apparmor: replace recursive profile removal with iterative approach The profile removal code uses recursion when removing nested profiles, which can lead to...

Linux Distros Unpatched Vulnerability : CVE-2026-5316

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setupfree of the file stbvorbis.c. The manipulation leads to...