CVE-2026-5941
Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction...
AIX : Multiple Vulnerabilities (IJ58122)
The version of AIX installed on the remote host is prior to APAR IJ58122. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ58122 advisory. - A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition XSD...
Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2026-1738)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1738 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...
Fedora 42 : krb5 (2026-6c99aaa6d3)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6c99aaa6d3 advisory. - Fix NegoEx parsing vulnerabilities CVE-2026-40355, CVE-2026-40356 Tenable has extracted the preceding description block directly from the Fedora...
Apple iOS and Apple iPadOS security vulnerabilities
Apple iOS and Apple iPadOS are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Versions of Apple iOS prior to 26.5 and iPadOS prior to 26.5 contained security vulnerabilities. These...
CVE-2026-5941 Foxit PDF Editor/Reader AcroForm Signature Remote Code Execution Vulnerability
Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction...
EUVD-2026-25827
Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction...
PT-2026-35403
Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction...
Amazon Linux 2023 : nerdctl (ALAS2023-2026-1535)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1535 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir o...
RHEL 8 : gimp:2.8 (RHSA-2026:5437)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5437 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...
RHEL 9 : gimp (RHSA-2026:5389)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5389 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...
TinyWeb security vulnerabilities
TinyWeb is a simple and lightweight HTTP server developed by Konstantin Belyalov. Versions of TinyWeb prior to 2.04 contained security vulnerabilities. These vulnerabilities stemmed from the parser not strictly rejecting dangerous control characters in header lines and header values, which could...
RockyLinux 8 : php:8.2 (RLSA-2025:15687)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:15687 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with...
iccDEV code-related vulnerabilities
iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.2 contained code-related vulnerabilities. These vulnerabilities stemmed from undefined behavior during the parsing of ICC configuration files in XML format;...
Important: Red Hat Security Advisory: gimp security update
An update for gimp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
MiracleLinux 8 : php:8.2 (AXSA:2025-10854:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10854:01 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with...
TencentOS Server 3: python39:3.9 (TSSA-2025:1001)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:1001 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Siemens Solid Edge Multiple Vulnerabilities (SSA-541582)
The version of Siemens Solid Edge installed on the remote Windows host is prior to SE2024 V224.0 Update 14 or SE2025 V225.0 Update 6. It is, therefore, affected by multiple vulnerabilities as disclosed in the SSA-541582 vendor advisory: - The affected applications contains an out of bounds write...
USN-7807-1: GStreamer Base Plugins vulnerabilities
Michael Randrianantenaina discovered that GStreamer Base Plugins did not correctly handle certain integer operations. An attacker could possibly use this issue to execute arbitrary code. CVE-2023-37327, CVE-2024-4453 Michael Randrianantenaina discovered that GStreamer Base Plugins did not correct...