2189 matches found
Debian: Security Advisory (DLA-4530-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2023 : sudo, sudo-devel, sudo-logsrvd (ALAS2023-2026-1559)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1559 advisory. In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation...
CVE-2026-26962 vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, ruby3.2-rails...
CVE-2022-28108 vulnerabilities
Vulnerabilities for packages: hadoop-fips...
Cross-site Scripting (XSS)
Overview org.webjars.npm:rrweb-snapshot is a rrweb's component to take a snapshot of DOM, aka DOM serializer Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rrweb-snapshot process. An attacker can execute arbitrary web scripts or inject malicious HTML by...
Linux Distros Unpatched Vulnerability : CVE-2026-31842
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs....
Missing Report of Error Condition
Overview github.com/sigstore/cosign/cmd/cosign/cli/verify is a package that aims to make signatures invisible infrastructure. Affected versions of this package are vulnerable to Missing Report of Error Condition in the verify-blob-attestation module when used without --check-claims flag. An...
GHSA-C427-H43C-VF67 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, checkov, py3-cassandra-medusa, kserve, dask-kubernetes, open-webui, airflow...
CVE-2026-25541 affecting package rust for versions less than 1.90.0-6
CVE-2026-25541 affecting package rust for versions less than 1.90.0-6. A patched version of the package is available...
Linux Distros Unpatched Vulnerability : CVE-2026-34601
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom...
GHSA-46XP-26XH-HPQH vulnerabilities
Vulnerabilities for packages: docker-machine-driver-harvester...
GHSA-9XRJ-H377-FR87 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, gitlab-rails-ce-fips, gitlab-rails-ce, ruby3.4-rails...
Linux Distros Unpatched Vulnerability : CVE-2026-33347
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension is vulnerable to an...
Embedded Malicious Code
Overview @emilgroup/partner-sdk is an A new version of the package Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM...
Malicious code in internal-api-insights (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b02a86affbdb1f89c5fff800bc1a2c78125d1536f84ed7caa8507f14d0ebf5c The package internal-api-insights was found to contain malicious code...
CVE-2025-58190 affecting package gh for versions less than 2.62.0-13
CVE-2025-58190 affecting package gh for versions less than 2.62.0-13. A patched version of the package is available...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview django-unicorn is an A magical full-stack framework for Django. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via unvalidated attribute access within the action parsers that fail to enforce visibility...
Linux Distros Unpatched Vulnerability : CVE-2026-31802
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction director...
PYSEC-2026-121
pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the editpackage function implements insufficient sanitization for the packfolder parameter. The current protection relies on a single-pass string replacement of "../", which can be...
GHSA-HFPC-8R3F-GW53 vulnerabilities
Vulnerabilities for packages: efs-utils, nushell, zizmor, linkerd2-proxy, deno, rustls-ffi, lychee, py3-xet-core, linkerd-network-validator, zed, linkerd2, zellij, cargo-audit, ztunnel, parseable, linkerd-extension-init, uv, buck2, ntpd-rs, rustup, pixi...