5272 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-68777
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Input: tiam335xtsc - fix off-by-one error in wireorder validation The current validation 'wireorderi ARRAYSIZEconfigpins' allows wireorderi to equal...
MiracleLinux 8 : gimp:2.8 (AXSA:2025-9613:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9613:01 advisory. gimp: PSD buffer overflow RCE CVE-2023-44442 gimp: psp integer overflow RCE CVE-2023-44443 gimp: psp off-by-one RCE CVE-2023-44444 Tenable has...
Linux Distros Unpatched Vulnerability : CVE-2025-71087
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iavf: fix off-by-one issues in iavf_config_rss_reg There are off-by-one bugs when configuring RSS hash key and lookup table, causing out-of-bounds reads to memory ...
MiracleLinux 7 : glib2-2.56.1-9.0.3.el7.AXS7 (AXSA:2025-10925:04)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10925:04 advisory. CVE-2024-52533: fix off-by-one error leading to buffer overflow in gsocks4aproxy.c CVEs: CVE-2024-52533 gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has ...
Zer0n: An AI-Assisted Vulnerability Discovery and Blockchain-Backed Integrity Framework
As vulnerability research increasingly adopts generative AI, a critical reliance on opaque model outputs has emerged, creating a "trust gap" in security automation. We address this by introducing Zer0n, a framework that anchors the reasoning capabilities of Large Language Models (LLMs) to the...
CVE-2021-33881
On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation aka conduct a "tear off" attack over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on how the anti tear-off feature is used in specific applications such as public transportation,...
CVE-2022-31468
OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter...
CVE-2025-23554
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jakub Glos Off Page SEO off-page-seo allows Reflected XSS. This issue affects Off Page SEO: from n/a through = 3.0.3...
CVE-2025-14146 Booking Calendar <= 10.14.10 - Unauthenticated Sensitive Information Exposure
The Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 10.14.10 via the WPBCFLEXTIMELINENAV AJAX action. This is due to the nonce verification being conditionally disabled by default bookingisnonceatfrontend option is 'Off' ...
PT-2026-1731
Name of the Vulnerable Software and Affected Versions: Booking Calendar versions prior to 10.14.11. Description: The Booking Calendar plugin for WordPress is susceptible to sensitive information exposure via the WPBC FLEXTIMELINE NAV AJAX action. This occurs because nonce verification is conditional...
Webinar: Learn How AI-Powered Zero Trust Detects Attacks with No Files or Indicators
Security teams are still catching malware. The problem is what they're not catching. More attacks today don't arrive as files. They don't drop binaries. They don't trigger classic alerts. Instead, they run quietly through tools that already exist inside the environment — scripts, remote access,...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000508)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000508 advisory. An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data,...
GHSA-69F9-5GXW-WVC2 AIOHTTP's unicode processing of header values could cause parsing discrepancies
Summary: The Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. Impact: If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling...
PT-2026-26145
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the BYTE ARRAY STOP method, an out-by-one error in the cram byte arra...
PT-2026-28660
Name of the Vulnerable Software and Affected Versions: GIMP (affected versions not specified). Description: A heap buffer over-read exists in the PCX file loader due to an off-by-one error. A remote attacker can exploit this by tricking a user into opening a specially crafted PCX image, potentially...
PT-2026-26116
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the Linux kernel related to the liquidio component. Specifically, a flaw was identified in the setup_nic_devices function where an off-by-one error in the cleanup loop...
PT-2026-4318
Name of the Vulnerable Software and Affected Versions: QEMU (affected versions not specified). Description: An error in QEMU’s KVM Xen guest support allows a malicious guest to cause out-of-bounds heap accesses within the QEMU process. This is triggered through the emulated Xen physdev hypercall...
SUSE CVE-2023-54222
In the Linux kernel, the following vulnerability has been resolved: hte: tegra-194: Fix off by one in tegra_hte_map_to_line_id() The "map_sz" is the number of elements in the "m" array so the comparison needs to be changed to = to prevent an out of bounds read...
Unity Linux 20.1070e Security Update: libarchive (UTSA-2025-993342)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993342 advisory. A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names...