Linux Distros Unpatched Vulnerability : CVE-2025-69634

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php NOTE:...

Linux Distros Unpatched Vulnerability : CVE-2026-26076

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above norma...

Linux Distros Unpatched Vulnerability : CVE-2026-25609

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only. CVE-2026-25609 Note that Nessus...

Linux Distros Unpatched Vulnerability : CVE-2026-25610

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints. CVE-2026-25610 Note that Nessus relies on the...

Linux Distros Unpatched Vulnerability : CVE-2026-25611

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server. CVE-2026-25611 Note that Nessus relies on th...

Linux Distros Unpatched Vulnerability : CVE-2026-2323

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-2322

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI...

Linux Distros Unpatched Vulnerability : CVE-2026-2320

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI...

Linux Distros Unpatched Vulnerability : CVE-2026-1584

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-1584 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenable...

Linux Distros Unpatched Vulnerability : CVE-2026-0966

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely b...

Linux Distros Unpatched Vulnerability : CVE-2026-0964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused...

Linux Distros Unpatched Vulnerability : CVE-2025-52536

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrit...

MCP Run Python has a Sandbox Escape & Server Takeover Vulnerability

Impact Critical Sandbox Escape & Server Takeover: A critical security vulnerability exists in mcp-run-python due to a lack of isolation between the Python runtime Pyodide and the host JavaScript environment. The runPython and runPythonAsync functions execute Python code using Pyodide without...

MCP Run Python Deno Sandbox Misconfiguration Allows SSRF Attacks via Localhost Access

Impact Server-Side Request Forgery SSRF: A security vulnerability exists in the mcp-run-python tool specifically within the Pydantic-AI integration due to an overly permissive Deno sandbox configuration. The tool configures the Deno runtime—which is intended to isolate the execution of untrusted...

GHSA-6FGP-M6Q4-J3Q5 MCP Run Python Deno Sandbox Misconfiguration Allows SSRF Attacks via Localhost Access

Impact Server-Side Request Forgery SSRF: A security vulnerability exists in the mcp-run-python tool specifically within the Pydantic-AI integration due to an overly permissive Deno sandbox configuration. The tool configures the Deno runtime—which is intended to isolate the execution of untrusted...

GHSA-PFV4-WMPH-5GC6 MCP Run Python has a Sandbox Escape & Server Takeover Vulnerability

Impact Critical Sandbox Escape & Server Takeover: A critical security vulnerability exists in mcp-run-python due to a lack of isolation between the Python runtime Pyodide and the host JavaScript environment. The runPython and runPythonAsync functions execute Python code using Pyodide without...

GHSA-87R5-MP6G-5W5J jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions

Impact Arbitrary Code Injection Remote Code Execution & XSS: A critical security vulnerability affects all versions of the jsonpath package. The library relies on the static-eval module to evaluate JSON Path expressions but fails to properly sanitize or sandbox the input. This allows an attacker ...

jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions

Impact Arbitrary Code Injection Remote Code Execution & XSS: A critical security vulnerability affects all versions of the jsonpath package. The library relies on the static-eval module to evaluate JSON Path expressions but fails to properly sanitize or sandbox the input. This allows an attacker ...

Linux Distros Unpatched Vulnerability : CVE-2026-22044

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has...

PT-2026-6995

Name of the Vulnerable Software and Affected Versions detronetdip E-commerce version 1.0.0 Description A security flaw exists in detronetdip E-commerce 1.0.0 related to unrestricted file upload. The issue affects the processing of the file /seller/assets/backend/profile/addadhar.php. Manipulation...