
125261 matches found

Tenable Nessus
added 2026/05/14 12:0 a.m. (4 views)

Linux Distros Unpatched Vulnerability : CVE-2026-45698

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - netatalk - None Ubuntu Linux - security update CVE-2026-45698 Note that Nessus relies on the presence of the package as reported by the vendor...

AI score: 5.8
Exploits: 0, References: 3
VMware
added 2026/05/14 12:0 a.m. (21 views)

VMSA-2026-0003: VMware Fusion updates address privilege escalation vulnerability (CVE-2026-41702)

Advisory ID: VMSA-2026-0003; Advisory Severity: Important; CVSSv3 Range: 7.8; Synopsis: VMware Fusion updates address privilege escalation vulnerability CVE-2026-41702; Issue date: 2026-05-14; Updated on: 2026-05-14; Initial Advisory CVEs: CVE-2026-41702. 1. Impacted Products VMware...

CVSS: 7.8, AI score: 5.8, EPSS: 0.00122
Exploits: 0, References: 4, Affected Software: 1
Tenable Nessus
added 2026/05/14 12:0 a.m. (6 views)

Linux Distros Unpatched Vulnerability : CVE-2026-45355

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - netatalk - None Ubuntu Linux - security update CVE-2026-45355 Note that Nessus relies on the presence of the package as reported by the vendor...

AI score: 5.8
Exploits: 0, References: 3
Tenable Nessus
added 2026/05/14 12:0 a.m. (5 views)

Linux Distros Unpatched Vulnerability : CVE-2026-45356

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - netatalk - None Ubuntu Linux - security update CVE-2026-45356 Note that Nessus relies on the presence of the package as reported by the vendor...

AI score: 5.8
Exploits: 0, References: 3
Tenable Nessus
added 2026/05/14 12:0 a.m. (4 views)

Linux Distros Unpatched Vulnerability : CVE-2026-45354

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - netatalk - None Ubuntu Linux - security update CVE-2026-45354 Note that Nessus relies on the presence of the package as reported by the vendor...

AI score: 5.8
Exploits: 0, References: 3
Tenable Nessus
added 2026/05/14 12:0 a.m. (8 views)

Linux Distros Unpatched Vulnerability : CVE-2026-44053

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or...

CVSS: 7.4, AI score: 5.6, EPSS: 0.00224
Exploits: 0, References: 3
Tenable Nessus
added 2026/05/14 12:0 a.m. (6 views)

Linux Distros Unpatched Vulnerability : CVE-2026-45699

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - netatalk - None Ubuntu Linux - security update CVE-2026-45699 Note that Nessus relies on the presence of the package as reported by the vendor...

AI score: 5.8
Exploits: 0, References: 3
Tenable Nessus
added 2026/05/14 12:0 a.m. (10 views)

TencentOS Server 4: nginx (TSSA-2026:0279)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0279 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS: 6.3, AI score: 6, EPSS: 0.00371
Exploits: 0, References: 2
Tenable Nessus
added 2026/05/14 12:0 a.m. (4 views)

Linux Distros Unpatched Vulnerability : CVE-2026-43961

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - vim - None Ubuntu Linux - Unknown description CVE-2026-43961 Note that Nessus relies on the presence of the package as reported by the vendor...

AI score: 5.5, EPSS: 0.00014
Exploits: 0, References: 3
Tenable Nessus
added 2026/05/14 12:0 a.m. (6 views)

Linux Distros Unpatched Vulnerability : CVE-2026-43901

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suite utilities. In 1.1.5 and earlier,...

CVSS: 6.8, AI score: 5.8, EPSS: 0.00281
Exploits: 1, References: 2
Exploit DB
added 2026/05/14 12:0 a.m. (52 views)

WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI

Exploit Title: WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI Date: 3/30/2026 Exploit Author: bootstrapbool Vendor Homepage: https://supsystic.com/plugins/contact-form-plugin/ Software Link: https://wordpress.org/plugins/contact-form-by-supsystic/ Version: str: try: res = requests.geturl...

CVSS: 9.8, AI score: 5.8, EPSS: 0.41475
Exploits: 7
Exploit DB
added 2026/05/14 12:0 a.m. (47 views)

Apache HertzBeat 1.8.0 - Remote Code Execution

Exploit Title: Apache HertzBeat 1.8.0 - Remote Code Execution Google Dork: N/A Date: 2026-03-09 Exploit Author: Brett Gervasoni Vendor Homepage: https://hertzbeat.apache.org/ Software Link: https://github.com/apache/hertzbeat/releases Version: 1.8.0 Tested on: Linux Docker; official HertzBeat...

AI score: 5.8
Exploits: 0
Hacker One
added 2026/05/13 11:33 p.m. (33 views)

curl: TLS verifyhost bypass in rustls, mbedTLS, and wolfSSL when verifypeer=0

The now-well-known CURLOPT_SSL_VERIFYHOST-bypass-when-CURLOPT_SSL_VERIFYPEER=0 defect exists in three of curl's TLS backends: rustls (EXPERIMENTAL), mbedTLS, and wolfSSL (DNS hostnames only). The documented contract at docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.md:57-59: The check that the host name in the...

CVSS: 5.8, AI score: 6.5, EPSS: 0.04888
Exploits: 0
IBM Security Bulletins
added 2026/05/13 11:7 p.m. (6 views)

Security Bulletin: IBM i is Affected By A Cross-Site Scripting Vulnerability in Navigator for i [CVE-2026-0540]

Summary: Navigator for IBM i uses the Monaco editor to edit config files. The Monaco editor uses DOMPurify to sanitize the HyperText Markup Language (HTML) in the editor. DOMPurify is vulnerable to improper neutralization of input by using rawtext elements missing from the SAFE_FOR_XML regex...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00284
Exploits: 0, Affected Software: 5
IBM Security Bulletins
added 2026/05/13 10:51 p.m. (5 views)

Security Bulletin: IBM i is Affected by a Denial of Service Vulnerability [CVE-2026-6936]

Summary: IBM i is vulnerable to denial of service due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler as described in the vulnerability details section. Vulnerability Details: CVEID: CVE-2026-6936 DESCRIPTION: IBM i is vulnerable to a denial-of-service attack due to...

CVSS: 6.5, AI score: 5.9, EPSS: 0.0024
Exploits: 0, Affected Software: 5
NVD
added 2026/05/13 9:16 p.m. (6 views)

CVE-2026-45054

CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?_g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $_GET['sort'] array without column or direction validation. Both the column key and the directio...

CVSS: 4.9, EPSS: 0.00239
Exploits: 0, References: 1
CVE
added 2026/05/13 8:42 p.m. (15 views)

CVE-2026-45054

CubeCart 6.x prior to 6.7.0 contains an SQL injection vulnerability in the admin orders-transactions listing (admin.php?_g=orders&node=transactions). The vulnerability arises because the code builds a raw ORDER BY clause from the attacker-controlled $_GET['sort'] array without proper validation, ...

CVSS: 4.9, AI score: 6.1, EPSS: 0.00239
Exploits: 0, References: 1
Vulnrichment
added 2026/05/13 8:42 p.m. (6 views)

CVE-2026-45054 CubeCart: Authenticated SQL Injection via `sort[]` Parameter in Admin Orders Transactions Listing

CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?_g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $_GET['sort'] array without column or direction validation. Both the column key and the directio...

CVSS: 4.9, AI score: 6.1, EPSS: 0.00239
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/13 8:42 p.m. (2 views)

CVE-2026-45054

CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?_g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $_GET['sort'] array without column or direction validation. Both the column key and the directio...

CVSS: 4.9, AI score: 6.1, EPSS: 0.00239
Exploits: 0, References: 2, Affected Software: 1
EUVD
added 2026/05/13 8:42 p.m. (4 views)

EUVD-2026-30171

CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?_g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $_GET['sort'] array without column or direction validation. Both the column key and the directio...

CVSS: 4.9, AI score: 6.1, EPSS: 0.00239
Exploits: 0, References: 1