Linux Distros Unpatched Vulnerability : CVE-2026-34982

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user...

CVE-2026-34739 AVideo: Reflected XSS via Unescaped ip Parameter in User_Location testIP.php

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the UserLocation plugin's testIP.php page reflects the ip request parameter directly into an HTML input element without applying htmlspecialchars or any other output encoding. This allows an attacker to inject arbitrary HTM...

CVE-2026-34739

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the UserLocation plugin's testIP.php page reflects the ip request parameter directly into an HTML input element without applying htmlspecialchars or any other output encoding. This allows an attacker to inject arbitrary HTM...

CVE-2026-34733 AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo installation script install/deleteSystemdPrivate.php contains a PHP operator precedence bug in its CLI-only access guard. The script is intended to run exclusively from the command line, but the guard condition...

CVE-2026-34716 AVideo: DOM XSS via Unsanitized Display Name in WebSocket Call Notification

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo YPTSocket plugin's caller feature renders incoming call notifications using the jQuery Toast Plugin, passing the caller's display name directly as the heading parameter. The toast plugin constructs the heading as...

CVE-2026-34394 AVideo: CSRF on Admin Plugin Configuration Enables Payment Credential Hijacking

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's admin plugin configuration endpoint admin/save.json.php lacks any CSRF token validation. There is no call to isGlobalTokenValid or verifyToken before processing the request. Combined with the application's explicit...

CVE-2026-34243

CVE-2026-34243 affects the Wenxian tool (versions up to 0.3.1 and earlier) where a GitHub Actions workflow uses untrusted input from issue_comment.body directly inside a shell command, enabling command injection and potential arbitrary code execution on the runner. The vulnerability stems from in...

CVE-2026-34036

Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. In versions 22.0.4 and prior, there is a Local File Inclusion LFI vulnerability in the core AJAX endpoint /core/ajax/selectobject.php. By manipulating the objectdesc parameter and exploiting...

PT-2026-29445

@jxnlco @emilyzsh I think he is referring to that recent CVE-2026-4417 — OpenAI Codex vulnerability where excessive usefulness leads to immediate $200/month spend escalation. No patch available; users report “this is actually worth it” before wallet compromise...

Linux Distros Unpatched Vulnerability : CVE-2026-5037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was determined in mxml up to 4.0.4. This issue affects the function indexsort of the file mxml-index.c of the component mxmlIndexNew. Executing ...

Linux Distros Unpatched Vulnerability : CVE-2017-20225

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary chec...

CVE-2026-33697

Cocos AI is a confidential computing system for AI. The current implementation of attested TLS aTLS in CoCoS is vulnerable to a relay attack affecting all versions from v0.4.0 through v0.8.2. This vulnerability is present in both the AMD SEV-SNP and Intel TDX deployment targets supported by CoCoS...

Linux Distros Unpatched Vulnerability : CVE-2026-27879

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A resample query can be used to trigger out-of-memory crashes in Grafana. CVE-2026-27879 Note that Nessus relies on the presence of the package as reported by t...

Linux Distros Unpatched Vulnerability : CVE-2025-64998

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exposure of session signing secret in Checkmk 2.4.0p23, 2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions ...

Linux Distros Unpatched Vulnerability : CVE-2026-4726

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Denial-of-service in the XML component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. CVE-2026-4726 Note that Nessus relies on the presence o...

Linux Distros Unpatched Vulnerability : CVE-2026-32287

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level...

Linux Distros Unpatched Vulnerability : CVE-2026-4723

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. CVE-2026-4723 Note that Nessus relies on the...

Linux Distros Unpatched Vulnerability : CVE-2026-4725

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. CVE-2026-4725 Note th...

PT-2026-28693

Name of the Vulnerable Software and Affected Versions SourceCodester Diary App version 1.0 Description A cross-site request forgery condition exists in SourceCodester Diary App version 1.0. The issue is related to a manipulation of an unknown function within the diary.php file. The exploit has be...

Linux Distros Unpatched Vulnerability : CVE-2025-70952

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pf4j before 20c2f80 has a path traversal vulnerability in the extract function of Unzip.java, where improper handling of zip entry names can allow directory...