4571 matches found

Tenable Nessus
added 2026/04/21 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-6751

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird...

CVSS 7.3 | AI score 5.8 | EPSS 0.00262
Exploits: 0 | References: 3

NVD
added 2026/04/20 9:16 p.m. | 10 views

CVE-2026-32604

Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources easily. Versions...

CVSS 9.9 | EPSS 0.00606
Exploits: 0 | References: 5

RedhatCVE
added 2026/04/20 7:23 p.m. | 3 views

CVE-2026-40337

The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the sysint syscall family. Prior to version 0.4.7, this can lead to DoS and...

CVSS 5.1 | AI score 5.8 | EPSS 0.00155
Exploits: 0 | References: 1

EUVD
added 2026/04/20 6:31 a.m. | 3 views

EUVD-2026-23778

A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function apigenerate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

CVSS 6.9 | AI score 5.2 | EPSS 0.00623
Exploits: 0 | References: 9

Tenable Nessus
added 2026/04/20 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-5265

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using t...

CVSS 6.5 | AI score 5.9 | EPSS 0.00629
Exploits: 0 | References: 3

Tenable Nessus
added 2026/04/18 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-41254

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. CVE-2026-41254...

CVSS 7.5 | AI score 5.9 | EPSS 0.00365
Exploits: 1 | References: 2

Tenable Nessus
added 2026/04/18 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-40341

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to cras...

CVSS 3.5 | AI score 5.7 | EPSS 0.00187
Exploits: 0 | References: 4

ATTACKERKB
added 2026/04/17 11:54 p.m. | 3 views

CVE-2026-40346

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.37, NocoBase's workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without any SSRF protection. An...

CVSS 6.4 | AI score 5.8 | EPSS 0.00384
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2026/04/17 11:48 p.m. | 11 views

CVE-2026-40341

CVE-2026-40341 affects the libgphoto2 library. In versions up to and including 2.5.33, an out-of-bounds read in ptp_unpack_EOS_FocusInfoEx could crash libgphoto2 when processing input from untrusted USB devices. A patch was introduced in commit c385b34af260595dfbb5f9329526be5158985987. No known w...

CVSS 3.5 | AI score 5.7 | EPSS 0.00187
Exploits: 0 | References: 2

Debian CVE
added 2026/04/17 11:19 p.m. | 3 views

CVE-2026-40335

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in ptp_unpack_DPV in camlibs/ptp2/ptp-pack.c lines 622–629. The UINT128 and INT128 cases advance offset += 16 without verifying that 16 bytes remain in the buffer. The entry check at li...

CVSS 5.2 | AI score 5.3 | EPSS 0.00198
Exploits: 0

Tenable Nessus
added 2026/04/17 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-40228

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a logger -p emerg command is executed, if...

CVSS 3.3 | AI score 5.7 | EPSS 0.00173
Exploits: 1 | References: 3

Tenable Nessus
added 2026/04/17 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-40226

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file. CVE-2026-40226 Note that Nessus relies o...

CVSS 6.4 | AI score 5.5 | EPSS 0.00072
Exploits: 0 | References: 2

IBM Security Bulletins
added 2026/04/16 9:24 p.m. | 11 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Orchestrator

Summary Multiple vulnerabilities were addressed in IBM Aspera Orchestrator 4.1.4 Vulnerability Details CVEID:CVE-2026-33173 DESCRIPTION: Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, DirectUploadsController...

CVSS 9.8 | AI score 5.8 | EPSS 0.00646
Exploits: 0 | Affected Software: 5

OSV
added 2026/04/16 8:43 p.m. | 5 views

GHSA-HV99-MXM5-Q397 Weblate: Arbitrary File Read via Symlink

Impact The ZIP download feature didn't verify downloaded file and it could follow symlinks outside the repository. Patches https://github.com/WeblateOrg/weblate/pull/18683 References Thanks to @DavidCarliez for reporting this vulnerability via GitHub...

CVSS 7.7 | AI score 5.8 | EPSS 0.0041
Exploits: 0 | References: 4

CBLMariner
added 2026/04/16 2:25 a.m. | 7 views

CVE-2024-8354 affecting package qemu for versions less than 9.1.0-3

CVE-2024-8354 affecting package qemu for versions less than 9.1.0-3. A patched version of the package is available...

CVSS 5.5 | AI score 6.7 | EPSS 0.00286
Exploits: 0

Tenable Nessus
added 2026/04/16 12:0 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007204)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007204 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves gdi-drawing pointing to freed memory,...

CVSS 9.8 | AI score 5.8 | EPSS 0.00538
Exploits: 1 | References: 4

Tenable Nessus
added 2026/04/16 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-6300

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

CVSS 8.8 | AI score 6.1 | EPSS 0.00341
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/15 12:7 a.m. | 4 views

CVE-2026-40105 XWiki has Reflected Cross-Site Scripting (XSS) in its page history compare functionality

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 10.4-rc-1, through 16.10.15, 17.0.0-rc-1, through 17.4.7 and 17.5.0-rc-1 through 17.10.0 contain a reflected cross-site scripting vulnerability XSS in the comparison view between...

CVSS 6.5 | AI score 5.8 | EPSS 0.00549
Exploits: 0 | References: 3

Tenable Nessus
added 2026/04/15 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-40919

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GIMP. This vulnerability, a buffer overflow in the file-seattle-filmworks plugin, can be exploited when a user opens a specially crafted...

CVSS 6.1 | AI score 6 | EPSS 0.00331
Exploits: 0 | References: 3

Tenable Nessus
added 2026/04/15 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-6307

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

CVSS 8.8 | AI score 6.1 | EPSS 0.00365
Exploits: 0 | References: 2