57 matches found
Fedora 42 : perl-Crypt-DSA (2026-ffe3625a50)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ffe3625a50 advisory. This update fixes a couple of security issues: Replace two arg open CVE-2026-8704 Replace rand with a cryptographically-secure source of random data...
RockyLinux 8 : python3.11 (RLSA-2026:11062)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:11062 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...
CVE-2026-41377 OpenClaw < 2026.3.31 - Fail-Open Security Scan Bypass in Plugin Installation
OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers can exploit scan failures to install untrusted plugins when operators proceed despite visible scan warnings...
RHEL 9 : python3.11 (RHSA-2026:9042)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:9042 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
RockyLinux 9 : python3.11 (RLSA-2026:6286)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:6286 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs CVE-2026-4519 Tenable has extracted the preceding description block directly fro...
MiracleLinux 8 : python3-3.6.8-75.el8_10.ML.1 (AXSA:2026-407:04)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-407:04 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs CVE-2026-4519 Tenable has extracted the preceding description block directly...
Not Failing Securely ('Failing Open')
Overview: authlib is a library for building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Not Failing Securely ('Failing Open') via the verifyhash function in authlib/oidc/core/claims.py. An attacker can substitute an access token or authorization code undetect...
OESA-2026-1441 libtiff security update
This provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats. And contains command-line programs for manipulating TIFF format image files using the libtiff...
CVE-2023-29053
A vulnerability has been identified in JT Open All versions V11.3.2.0, JT Utilities All versions V13.3.0.0. The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the...
kernel: Linux kernel: Privilege escalation or Denial of Service via TCP Fast Open vulnerability
A flaw was found in the Linux kernel. A local attacker with low privileges could exploit a memory corruption vulnerability, specifically a use-after-free and double-free, within the TCP Fast Open (TFO) socket processing. This occurs when a listener is closed while a TFO socket is being processed in...
Structured Extraction of Vulnerabilities in OpenVAS and Tenable WAS Reports Using LLMs
This paper proposes an automated LLM-based method to extract and structure vulnerabilities from OpenVAS and Tenable WAS scanner reports, converting unstructured data into a standardized format for risk management. In an evaluation using a report with 34 vulnerabilities, GPT-4.1 and DeepSeek...
EUVD-2017-9393
Malware in sbrugna...
EUVD-2010-0858
Malware in sbrugna...
EUVD-2018-12735
Malware in sbrugna...
EUVD-2025-18897
Malicious code in bioql PyPI...
react-calendar1 (>=0.1.0 <=1.1.4) potentially affected by unknown CVE via react-google-calendar-events (=0.0.1-security)
react-google-calendar-events NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on react-google-calendar-events and may be impacted: - react-calendar1 >=0.1.0, <=1.1.4 Source cves: unknown CVE Source advisory: OSV:MAL-2025-31791...
Agorum core open security vulnerability
Agorum core open is an enterprise content management system from Agorum Germany. A security vulnerability exists in Agorum core open versions prior to 11.9.2 and prior to 11.10.1, which stems from improper access control and could result in elevated privileges...
CVE-2025-52968
xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie...
OpenSCAP Libraries 1.3.12
The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF...