4512 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-71227
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: mac80211: don't WARN for connections on invalid channels It's not clear to me how exactly syzbot managed to hit this, but it seems conceivable that e.g...
Linux Distros Unpatched Vulnerability : CVE-2026-2049
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on...
Linux Distros Unpatched Vulnerability : CVE-2026-2050
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - ZDI-CAN-28266: New Vulnerability Report at rgbe.c CVE-2026-2050 Note that Nessus relies on the presence of the package as reported by the vendor...
Linux Distros Unpatched Vulnerability : CVE-2026-23182
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - spi: tegra: Fix a memory leak in tegraslinkprobe In tegraslinkprobe, when platformgetirq fails, it directly returns from the function with an error code, which...
Linux Distros Unpatched Vulnerability : CVE-2026-26081
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - haproxy - None Ubuntu Linux - crash via INITIAL packet for the NEWTOKEN format CVE-2026-26081 Note that Nessus relies on the presence of the...
Linux Distros Unpatched Vulnerability : CVE-2025-69634
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php NOTE:...
Linux Distros Unpatched Vulnerability : CVE-2026-26076
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above norma...
Linux Distros Unpatched Vulnerability : CVE-2026-25611
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server. CVE-2026-25611 Note that Nessus relies on th...
Linux Distros Unpatched Vulnerability : CVE-2026-25609
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only. CVE-2026-25609 Note that Nessus...
Linux Distros Unpatched Vulnerability : CVE-2026-25610
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints. CVE-2026-25610 Note that Nessus relies on the...
Linux Distros Unpatched Vulnerability : CVE-2026-2322
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI...
Linux Distros Unpatched Vulnerability : CVE-2026-2323
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page...
Linux Distros Unpatched Vulnerability : CVE-2026-2320
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI...
Linux Distros Unpatched Vulnerability : CVE-2025-52536
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrit...
Linux Distros Unpatched Vulnerability : CVE-2026-0964
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused...
Linux Distros Unpatched Vulnerability : CVE-2026-0966
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely b...
Linux Distros Unpatched Vulnerability : CVE-2026-1584
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-1584 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenable...
MCP Run Python Deno Sandbox Misconfiguration Allows SSRF Attacks via Localhost Access
Impact Server-Side Request Forgery SSRF: A security vulnerability exists in the mcp-run-python tool specifically within the Pydantic-AI integration due to an overly permissive Deno sandbox configuration. The tool configures the Deno runtime—which is intended to isolate the execution of untrusted...
MCP Run Python has a Sandbox Escape & Server Takeover Vulnerability
Impact Critical Sandbox Escape & Server Takeover: A critical security vulnerability exists in mcp-run-python due to a lack of isolation between the Python runtime Pyodide and the host JavaScript environment. The runPython and runPythonAsync functions execute Python code using Pyodide without...
GHSA-6FGP-M6Q4-J3Q5 MCP Run Python Deno Sandbox Misconfiguration Allows SSRF Attacks via Localhost Access
Impact Server-Side Request Forgery SSRF: A security vulnerability exists in the mcp-run-python tool specifically within the Pydantic-AI integration due to an overly permissive Deno sandbox configuration. The tool configures the Deno runtime—which is intended to isolate the execution of untrusted...