CVE-2026-8744
A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function ogs_sbi_subscription_data_add/ogs_sbi_nf_service_add in the library /lib/sbi/context.c of the component NRF. Executing a manipulation can lead to denial of service. It is possible to launch the attack remotely. The exploit ha...
CVE-2026-8836
A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be...
@tmlmobilidade/utils has prototype pollution in its setValueAtPath
Impact: Prototype pollution vulnerability in @tmlmobilidade/utils for setValueAtPath. Patches: A fix is available in versions 20260509.0340.15 and up...
CVE-2026-8802 opensourcepos Open Source Point of Sale Items.php getPicThumb path traversal
A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument pic_filename results in path traversal. The attack may be launched remotely. The patch is...
CVE-2026-8784
A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack requires a local approach. The exploit is now public and may be used. The patch is named...
CVE-2026-8784
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-8743
A vulnerability was found in Open5GS up to 2.7.6. This impacts the function ran_ue_find_by_amf_ue_ngap_id of the file src/amf/context.c of the component AMF/MME. Performing a manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit has been made public...
CVE-2026-8744
Open5GS up to 2.7.7 is affected by a denial-of-service in the NRF component, specifically in ogs_sbi_subscription_data_add and ogs_sbi_nf_service_add within /lib/sbi/context.c. The flaw enables remote exploitation and a public exploit exists. Remediation requires applying the official patch refer...
CVE-2026-8743 Open5GS AMF/MME context.c ran_ue_find_by_amf_ue_ngap_id improper authorization
A vulnerability was found in Open5GS up to 2.7.6. This impacts the function ran_ue_find_by_amf_ue_ngap_id of the file src/amf/context.c of the component AMF/MME. Performing a manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit has been made public...
Linux Distros Unpatched Vulnerability : CVE-2026-41051
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories. CVE-2026-41051 Note...
Linux Distros Unpatched Vulnerability : CVE-2026-43906
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0...
Linux Distros Unpatched Vulnerability : CVE-2026-6811
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances whe...
CVE-2026-7262 affecting package php for versions less than 8.3.31-1
CVE-2026-7262 affecting package php for versions less than 8.3.31-1. A patched version of the package is available...
Linux Distros Unpatched Vulnerability : CVE-2026-8401
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11...
Linux Distros Unpatched Vulnerability : CVE-2026-8389
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3. CVE-2026-8389 Note that Nessus relies on the presen...
Linux Distros Unpatched Vulnerability : CVE-2026-45356
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - netatalk - None Ubuntu Linux - security update CVE-2026-45356 Note that Nessus relies on the presence of the package as reported by the vendor...
Linux Distros Unpatched Vulnerability : CVE-2026-8526
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML...
Linux Distros Unpatched Vulnerability : CVE-2026-44058
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary user via the admin auth...
Linux Distros Unpatched Vulnerability : CVE-2026-44051
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary...