Linux Distros Unpatched Vulnerability : CVE-2026-35329

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - strongswan - None Ubuntu Linux - NULL-Pointer Dereference When Processing Padding in PKCS7 CVE-2026-35329 Note that Nessus relies on the presence...

RHEL 7 : java-1.8.0-openjdk (RHSA-2026:9682)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:9682 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

Linux Distros Unpatched Vulnerability : CVE-2026-31441

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dmaengine: idxd: Fix memory leak when a wq is reset idxdwqdisablecleanup which is called from the reset path for a workqueue, sets the wq type to NONE, which fo...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013747)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013747 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix folio is still mapped when deleted Migration may be raced with fallocating hole...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013658)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013658 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free read in ext4findextent for bigalloc + inline Syzbot found the following...

Linux Distros Unpatched Vulnerability : CVE-2026-35332

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - strongswan - None Ubuntu Linux - NULL-Pointer Dereference When Handling ECDH Public Value in TLS CVE-2026-35332 Note that Nessus relies on the...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013809)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013809 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Don't recheck L1 intercepts when completing userspace I/O When completing emulation of...

Linux Distros Unpatched Vulnerability : CVE-2026-35333

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - strongswan - None Ubuntu Linux - Integer Underflow When Handling RADIUS Attributes CVE-2026-35333 Note that Nessus relies on the presence of the...

Linux Distros Unpatched Vulnerability : CVE-2026-31510

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: L2CAP: Fix null-ptr-deref on l2capsockreadycb Before using sk pointer, check if it is null. Fix the following: KASAN: null-ptr-deref in range...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013628)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013628 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: akcipher - default implementation for setting a private key Changes from v1: removed the...

Linux Distros Unpatched Vulnerability : CVE-2026-35334

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - strongswan - None Ubuntu Linux - Possible NULL-Pointer Dereference in RSA Decryption CVE-2026-35334 Note that Nessus relies on the presence of th...

PT-2026-34346

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the dmaengine idxd component when a workqueue is reset. The function idxd wq disable cleanup sets the workqueue type to NONE before its resources are released,...

Important: java-25-openjdk security update

The OpenJDK 25 packages provide the OpenJDK 25 Java Runtime Environment and the OpenJDK 25 Java Software Development Kit. Security Fixes: JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improved Arena allocations CVE-2026-22008 JDK: Improve Kerberos credentialing CVE-2026-22013 JDK:...

ALSA-2026:9693 Important: java-25-openjdk security update

The OpenJDK 25 packages provide the OpenJDK 25 Java Runtime Environment and the OpenJDK 25 Java Software Development Kit. Security Fixes: JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improved Arena allocations CVE-2026-22008 JDK: Improve Kerberos credentialing CVE-2026-22013 JDK:...

RHEL 10 / 9 : java-25-openjdk (RHSA-2026:9693)

The remote Redhat Enterprise Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:9693 advisory. The OpenJDK 25 packages provide the OpenJDK 25 Java Runtime Environment and the OpenJDK 25 Java Software Development Kit. Security Fixe...

📄 WordPress Highlight and Share 5.2.0 Missing Authentication

WordPress Highlight and Share plugin versions 5.2.0 and below suffers from a missing authentication vulnerability. Exploit Title: WordPress Plugin 5.2.0 - Broken Access Control Date: 2025-09-20 Exploit Author: Zeeshan Haider Vendor Homepage: https://wordpress.org/plugins/ Software Link:...

CVE-2026-40929

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/commentDelete.json.php is a state-mutating JSON endpoint that deletes comments but performs no CSRF validation. It does not call forbidIfIsUntrustedRequest, does not verify a CSRF/global token, and does not check...

CVE-2026-41056

WWBN AVideo is an open source video platform. In versions 29.0 and below, the allowOrigin$allowAll=true function in objects/functions.php reflects any arbitrary Origin header back in Access-Control-Allow-Origin along with Access-Control-Allow-Credentials: true. This function is called by both...

EUVD-2026-24531

WWBN AVideo is an open source video platform. In versions 29.0 and below, the allowOrigin$allowAll=true function in objects/functions.php reflects any arbitrary Origin header back in Access-Control-Allow-Origin along with Access-Control-Allow-Credentials: true. This function is called by both...

CVE-2026-41056

WWBN AVideo is an open source video platform. In versions 29.0 and below, the allowOrigin$allowAll=true function in objects/functions.php reflects any arbitrary Origin header back in Access-Control-Allow-Origin along with Access-Control-Allow-Credentials: true. This function is called by both...