RHCOS 6 : Ruby on Rails (RHSA-2013:0153)

The remote Red Hat Enterprise Linux CoreOS 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0153 advisory. - rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack CVE-2013-0156 Note that Nessus has not tested for this...

SUSE-SU-2026:1674-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algifaead bsc1262573...

WordPress Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News plugin <= 3.4.9 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin News & Blog Designer Pack versions = 3.4.9...

CVE-2026-6539

Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can distribute a poisoned language pack through...

CVE-2026-6539 Notepad++ 8.9.3 Format String Injection via nativeLang.xml

Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can distribute a poisoned language pack through...

CVE-2026-6539

Notepad++ 8.9.3 is affected by a vulnerability described as a format string injection in the Find Results panel handler, triggered by a malicious nativeLang.xml language pack. The issue can be introduced by poisoned language packs distributed via community channels and triggers format string inte...

CVE-2026-6539

Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can distribute a poisoned language pack through...

EUVD-2026-26436

Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can distribute a poisoned language pack through...

PT-2026-36185

Name of the Vulnerable Software and Affected Versions Notepad++ version 8.9.3 Description A format string injection exists in the Find Results panel handler. This occurs when the application processes a maliciously crafted nativeLang.xml language pack file. An attacker can distribute a poisoned...

Amazon Linux 2023 : aspnetcore-runtime-10.0, aspnetcore-runtime-dbg-10.0, aspnetcore-targeting-pack-10.0 (ALAS2023-2026-1634)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1634 advisory. Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. CVE-2026-40372 Tenable has extracted the preceding description blo...

VulnCheck KEV: CVE-2022-4059

The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVE-2026-40745

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: from n/a through = 8.4.2...

ROOT-APP-MAVEN-CVE-2025-68390 CVE-2025-68390 in io.root.org.elasticsearch.plugin:x-pack-core - Patched by Root

Root has patched CVE-2025-68390 in the io.root.org.elasticsearch.plugin:x-pack-core package for Root:Maven. Multiple fixed versions available...

usbip: validate number_of_packets in usbip_pack_ret_submit()

...

Command Injection

Overview GitPython is a python library used to interact with Git repositories Affected versions of this package are vulnerable to Command Injection via the uploadpack or receivepack kwargs in the Repo.clonefrom, Remote.fetch, Remote.pull, or Remote.push functions. An attacker can execute arbitrar...

GHSA-82J2-J2CH-GFR8 vulnerabilities

Vulnerabilities for packages: parseable, tealdeer, wasmtime, nushell, qdrant, zellij, wasm-pack, asciinema, linkerd-network-validator, cargo-audit, uv, rustls-openssl-client, mise, lychee, sentry-cli, ntpd-rs, xh, linkerd2-proxy, buck2, sccache, garage, rustup, sqlx, pixi, zizmor, samply,...

OESA-2026-2069 libgphoto2 security update

is the core of gphoto2 software. It is a portable library which gives access to literally hundreds of digital cameras. Security Fixes: libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in the ptpunpackCanonFE function in...

OESA-2026-2067 libgphoto2 security update

is the core of gphoto2 software. It is a portable library which gives access to literally hundreds of digital cameras. Security Fixes: libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in the ptpunpackCanonFE function in...

DEBIAN-CVE-2026-31607

In the Linux kernel, the following vulnerability has been resolved: usbip: validate numberofpackets in usbippackretsubmit When a USB/IP client receives a RETSUBMIT response, usbippackretsubmit unconditionally overwrites urb-numberofpackets from the network PDU. This value is subsequently used as...

Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.78 fixes various security issues The following security issues were fixed: CVE-2025-40309: Bluetooth: SCO: Fix UAF on scoconnfree bsc1255066. CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management...