Linux Distros Unpatched Vulnerability : CVE-2026-3449

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Red Hat Enterprise Linux - @tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal CVE-2026-3449 Note tha...

CVE-2026-3520 Multer vulnerable to Denial of Service via uncontrolled recursion

Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service DoS by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No...

Linux Distros Unpatched Vulnerability : CVE-2025-48509

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing Checks in certain functions related to RMP initialization can allow a local admin privileged attacker to cause misidentification of I/O memory,...

Linux Distros Unpatched Vulnerability : CVE-2025-64736

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch 5462afb0. A specially crafte...

Linux Distros Unpatched Vulnerability : CVE-2026-3408

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML...

Linux Distros Unpatched Vulnerability : CVE-2025-0012

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper handling of overlap between the segmented reverse map table RMP and system management mode SMM memory could allow a privileged attacker corrupt or...

CVE-2026-3484

A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function childprocess.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may...

GHSA-9868-VXMX-W862 OpenClaw's system.run allowlist bypass via shell line-continuation command substitution

Summary In OpenClaw system.run allowlist mode, shell-wrapper analysis could be bypassed by splitting command substitution as $\ + newline + inside double quotes. Analysis treated the payload as allowlisted for example /bin/echo, while shell runtime folded the line continuation into $... and...

CVE-2026-3484 PhialsBasement nmap-mcp-server Nmap CLI index.ts child_process.exec command injection

A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function childprocess.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may...

CVE-2026-3484

A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function childprocess.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may...

CVE-2026-3484

CVE-2026-3484 affects PhialsBasement nmap-mcp-server (Nmap CLI Command Handler). The vulnerability is in the function child_process.exec in src/index.ts, enabling remote command injection . Affected versions are up to bee6d23547d57ae02460022f7c78ac0893092e38 (rolling release; no specific version ...

CVE-2026-20430

In wlan AP FW, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00467553; Issue ID: MSV-5151...

SUSE CVE-2026-3408

A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit is publicly available...

CVE-2025-64427

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target internal IP addresses e.g., 127.0.0.1, localhost, or...

CVE-2025-64427 ZimaOS is vulnerable to Server-Side Request Forgery (SSRF)

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target internal IP addresses e.g., 127.0.0.1, localhost, or...

CVE-2025-64427

ZimaOS (a CasaOS fork for Zima devices and x86-64 with UEFI) is vulnerable to Server-Side Request Forgery (SSRF) in version 1.5.0 and earlier. An authenticated local user can craft requests to internal targets (127.0.0.1, localhost, private ranges) due to insufficient URL validation/restriction, ...

EUVD-2026-9206

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, the application enforces restrictions in the frontend/UI to prevent users from creating files or folders in internal OS paths. However, when interacting directly with the API, th...

CVE-2026-3408

A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit is publicly available...

UBUNTU-CVE-2026-3408

A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit is publicly available...

Linux Distros Unpatched Vulnerability : CVE-2026-3283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in libvips 8.19.0. This issue affects the function vipsextractbandbuild of the file libvips/conversion/extract.c. The manipulatio...