CVE-2026-41859

A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials Basic auth header or UAA client secret and can tamper with the VM list that is written into the NATS authorization file. Stolen credentials grant administrative director access...

CVE-2026-41859

A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials Basic auth header or UAA client secret and can tamper with the VM list that is written into the NATS authorization file. Stolen credentials grant administrative director access...

Linux Distros Unpatched Vulnerability : CVE-2026-28905

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5...

ECHO-AFC5-D60F-8677

Bulletin has no description...

Linux Distros Unpatched Vulnerability : CVE-2026-41440

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

PraisonAI has an Arbitrary File Write in Python API

Bug Report: Arbitrary File Write in Python API Summary Hidden metadata in a webpage causes PraisonAI agents to write attacker-controlled content to arbitrary paths. writefile skips path validation when workspace=None always None in production. Affected PraisonAI outputfile: /tmp/flag.txt...

GHSA-HVHP-V2GC-268Q PraisonAI has an Arbitrary File Write in Python API

Bug Report: Arbitrary File Write in Python API Summary Hidden metadata in a webpage causes PraisonAI agents to write attacker-controlled content to arbitrary paths. writefile skips path validation when workspace=None always None in production. Affected PraisonAI outputfile: /tmp/flag.txt...

BELL-CVE-2025-71308 CVE-2025-71308 does not affect BellSoft software

Bulletin has no description...

Linux Distros Unpatched Vulnerability : CVE-2026-9959

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Race in WebRTC in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium securit...

Linux Distros Unpatched Vulnerability : CVE-2026-9987

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 148.0.7778.216 allowed a local attacker to execute arbitrary...

Linux Distros Unpatched Vulnerability : CVE-2026-9949

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially...

Linux Distros Unpatched Vulnerability : CVE-2025-70103

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc...

Linux Distros Unpatched Vulnerability : CVE-2026-9932

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially...

Linux Distros Unpatched Vulnerability : CVE-2026-46199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg Check bounds against the end of the BO whenever we access the msg. CVE-2026-46199 Note that Nessus relie...

PT-2026-45056

Bug Report: Arbitrary File Write in Python API Summary Hidden metadata in a webpage causes PraisonAI agents to write attacker-controlled content to arbitrary paths. write file skips path validation when workspace=None always None in production. Affected PraisonAI output file: /tmp/flag.txt output...

BELL-CVE-2026-46060 CVE-2026-46060 does not affect BellSoft software

Bulletin has no description...

BELL-CVE-2026-45955 CVE-2026-45955 does not affect BellSoft software

Bulletin has no description...

Linux Distros Unpatched Vulnerability : CVE-2026-46636

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - php-twig - None Ubuntu Linux - Unknown description CVE-2026-46636 Note that Nessus relies on the presence of the package as reported by the vendo...

Langflow < 1.7.0 CORS Misconfiguration Account Takeover and RCE (CVE-2025-34291)

The version of Langflow installed on the remote host is prior to 1.7.0. It is, therefore, affected by a remote code execution vulnerability: - An overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origi...

Kata guest escape: runtime-rs guest-root to host-root escape via virtiofs

Summary In the runtime-rs standalone virtio-fs path, verified here with QEMU and verified with Cloud Hypervisor too, Kata Containers runs host virtiofsd as root with: --sandbox none --seccomp none If an attacker has root-equivalent execution inside the Kata guest VM, they can send raw FUSE reques...