Linux Distros Unpatched Vulnerability : CVE-2026-45934

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation I have been observing a number of systems aborting at insertdevextents in...

PT-2026-43457

Summary A Server-Side Code Injection vulnerability exists in the Yamcs algorithm evaluation engine org.yamcs.algorithms.JavaExprAlgorithmExecutionFactory. The application dynamically compiles and evaluates user-controlled algorithm text without enforcing a secure sandbox. An authenticated user wi...

Linux Distros Unpatched Vulnerability : CVE-2026-46096

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tpm2-sessions: Fix missing tpmbufdestroy in tpm2readpublic tpm2readpublic calls tpmbufinit but fails to call tpmbufdestroy on two exit paths, leaking a page...

Linux Distros Unpatched Vulnerability : CVE-2026-48692

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with...

scramble - Remote Code Execution

Exploit Title: scramble - Remote Code Execution Google Dork: inurl:/docs/api.json "dedoc/scramble" Date: 2026-05-07 Exploit Author: Joshua van der Poll https://github.com/joshuavanderpoll Vendor Homepage: https://scramble.dedoc.co Software Link: https://github.com/dedoc/scramble Version: =0.13.2,...

MeiG Smart FORGE_SLT711 - OS Command Injection

Exploit Title: MeiG Smart FORGESLT711 - OS Command Injection Date: 2026-05-03 Exploit Author: Daniil Gordeev Vendor Homepage: http://www.meigsmart.com Software Link: N/A firmware distributed via carrier channels Version: Firmware MDM9607.LE.1.0-00110-STD.PROD-1 likely all firmware versions of thi...

SUSE SLED15 / SLES15 Security Update : vim (SUSE-SU-2026:2029-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2029-1 advisory. This update for vim fixes the following issue: Security fixes: - CVE-2026-39881: command injection in NetBeans interfac...

Linux Distros Unpatched Vulnerability : CVE-2026-46052

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ceph: only dadd negative dentries when they are unhashed Ceph can call dadddentry, NULL on a negative dentry that is already present in the primary dcache hash...

PT-2026-43501

The GNTT Post Title Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the title-ticker-slide, title-ticker-fade, and title-ticker-typing shortcodes. This is due to insufficient input sanitization and output escaping on shortcode attributes notably border,...

PT-2026-43804

In the Linux kernel, the following vulnerability has been resolved: crypto: inside-secure/eip93 - fix kernel panic in driver detach During driver detach, the same hash algorithm is unregistered multiple times due to a wrong iterator...

PT-2026-43721

In the Linux kernel, the following vulnerability has been resolved: crypto: inside-secure/eip93 - unregister only available algorithm EIP93 has an options register. This register indicates which crypto algorithms are implemented in silicon. Supported algorithms are registered on this basis...

CVE-2026-45854

crypto: inside-secure/eip93 - unregister only available algorithm...

PT-2026-44162

Summary A Server-Side Code Injection vulnerability exists in the Yamcs script evaluation engine for Python algorithms. The application dynamically compiles and evaluates user-controlled algorithm text using Jython via the JSR-223 ScriptEngine API without enforcing a secure sandbox. An authenticat...

PT-2026-44160

Summary The compliance-trestle library's remote fetching cache mechanism HTTPSFetcher and SFTPFetcher constructs the local cache file path from the URL path component without sanitizing path traversal sequences ../. When a remote OSCAL profile references a URL with traversal in its path, the HTTP...

PT-2026-44155

TL;DR This vulnerability affects all Kirby sites that allow the use of the link: … KirbyTag, the link: parameter of the image: … KirbyTag, the built-in image block with a link or the HTML importer for blocks, when content is authored by users who may not be fully trusted. The attack requires an...

PT-2026-44161

Name of the Vulnerable Software and Affected Versions Yamcs versions 4.7.3 through 5.12.6 Description The Nashorn ScriptEngine used to evaluate user-supplied algorithm text is constructed without a ClassFilter. This allows a user with the ChangeMissionDatabase privilege to execute arbitrary Java...

PT-2026-44042

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...

PT-2026-44170

Name of the Vulnerable Software and Affected Versions mailomat-mailer affected versions not specified Description A Signature Algorithm Downgrade flaw exists in the mailomat-mailer component. This issue allows an attacker to perform complete Signature Forgery, which is the act of creating a...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the crypto inside-secure eip93 module not checking hardware support during the exit algorithm,...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an iterator error during driver separation in the crypto/inside-secure/eip93 module. This error...