4571 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-6502
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. Note that Nessus relies on the presence of the package as reported by the vendor.
CVE-2026-7597
A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vector_stores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used...
CVE-2026-42234 n8n: Python Task Runner Sandbox Escape
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This...
Security Bulletin: IBM Edge Data Collector uses immutable-4.3.7.tgz which is vulnerable to CVE-2026-29063.
Summary: IBM Edge Data Collector uses immutable-4.3.7.tgz which is vulnerable to CVE-2026-29063. This bulletin contains information addressing the vulnerability. Vulnerability Details: CVEID: CVE-2026-29063. DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versio...
ROOT-OS-DEBIAN-12-CVE-2026-35385 CVE-2026-35385 in rootio-openssh - Patched by Root
Root has patched CVE-2026-35385 in the rootio-openssh package for Root:Debian:12. Multiple fixed versions available...
CVE-2026-20449
In Modem, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch I...
CVE-2026-7728 ryanjoachim mcp-rtfm MCP update_doc path traversal
A vulnerability was identified in ryanjoachim mcp-rtfm 0.1.0. This vulnerability affects the function get_doc_content/read_doc/update_doc of the component MCP Interface. Such manipulation of the argument docFile leads to path traversal. The attack can be launched remotely. The exploit is publicly...
Astra Linux – Vulnerability in ModSecurity-Apache
ModSecurity is an open-source, cross-platform Web Application Firewall (WAF) engine for Apache, IIS, and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in a specific scenario: when the payload’s content type is application/json, and there is at least one rule that...
Astra Linux – Vulnerability in TIF format
A vulnerability has been discovered in LibTIFF. It has been classified as critical. This vulnerability affects the TIFFReadRGBATileExt function in the file libtiff/tif_getimage.c. Manipulation of this function can lead to integer overflow. The attack can be initiated remotely. The exploit has been...
PT-2026-36620
A vulnerability has been found in innocommerce InnoShop up to 0.7.8. The affected element is the function InstallServiceProvider::boot of the file innopacks/install/src/InstallServiceProvider.php of the component Installation Endpoint. The manipulation leads to improper authentication. Remote...
Linux Distros Unpatched Vulnerability : CVE-2026-41647
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus user to cause a daem...
Linux Distros Unpatched Vulnerability : CVE-2026-5080
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints o...
Linux Distros Unpatched Vulnerability : CVE-2026-6520
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service (CVE-2026-6520). Note that Nessus relies on t...
Linux Distros Unpatched Vulnerability : CVE-2026-42050
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could...
Linux Distros Unpatched Vulnerability : CVE-2026-31717
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: validate owner of durable handle on reconnect. Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user w...
Linux Distros Unpatched Vulnerability : CVE-2026-40197
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an...
CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow
A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is...
CVE-2026-7597
The CVE-2026-7597 vulnerability affects mem0ai mem0 up to version 1.0.11, specifically the pickle.load/pickle.dump path in mem0/vector_stores/faiss.py. An attacker can trigger deserialization remotely via manipulation of pickle operations. Public exploit details exist per the sources. The patch i...
CVE-2026-7582
A vulnerability was detected in AcademySoftwareFoundation OpenImageIO up to 3.2.0.1-dev. This vulnerability affects unknown code of the file src/dds.imageio/ddsinput.cpp of the component DDS Image Handler. The manipulation results in out-of-bounds write. The attack needs to be approached locally...
CVE-2026-7582
CVE-2026-7582 affects AcademySoftwareFoundation OpenImageIO prior to 3.2.0.1-dev in the DDS Image Handler, specifically the file src/dds.imageio/ddsinput.cpp. The issue is an out-of-bounds write in the DDS input handling. Exploitation is described as local, with a public exploit available. A patc...