PT-2026-36354

Name of the Vulnerable Software and Affected Versions AcademySoftwareFoundation OpenImageIO versions prior to 3.2.0.1-dev Description An out-of-bounds write issue exists within the DDS Image Handler component, specifically affecting the src/dds.imageio/ddsinput.cpp file. This flaw requires local...

VulnCheck KEV: CVE-2025-60021

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

GHSA-W24R-5266-9C3C Clerk has an authorization bypass when combining organization, billing, or reverification checks

Summary has, auth.protect, and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when the result should be false, allowing a gated action to proceed for a user who does not satisfy t...

Linux Distros Unpatched Vulnerability : CVE-2026-41606

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, whic...

Linux Distros Unpatched Vulnerability : CVE-2026-42013

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name SAN could cause the validation process to incorrectly fall back ...

Linux Distros Unpatched Vulnerability : CVE-2026-33846

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming...

Linux Distros Unpatched Vulnerability : CVE-2026-40685

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header,...

Linux Distros Unpatched Vulnerability : CVE-2026-6535

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dissection engine zlib decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVE-2026-6535 Note that Nessus relies on the...

Linux Distros Unpatched Vulnerability : CVE-2026-40684

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Exim before 4.99.2, on systems using musl libc not glibc, an attacker can crash the connection instance when malformed DNS data is present in PTR records. Th...

Linux Distros Unpatched Vulnerability : CVE-2026-42009

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security DTLS packet reordering logic. The comparator...

Linux Distros Unpatched Vulnerability : CVE-2026-42014

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gnutls: Fix use-after-free in gnutlspkcs11tokensetpin CVE-2026-42014 Note that Nessus relies on the presence of the package as reported by the vendor...

Linux Distros Unpatched Vulnerability : CVE-2026-7376

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVE-2026-7376 Note that Nessus relies on the presence of the package as reported by...

📄 EfficientLab Controlio DLL Hijacking

EfficientLab Controlio versions prior to 1.3.95 suffer from dll hijacking vulnerabilities. SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: DLL Hijacking product: EfficientLab Controlio cloud-based employee monitoring...

Linux Distros Unpatched Vulnerability : CVE-2026-31786

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in drivers/xen/sys-hypervisor.c The build id returned by HYPERVISORxenversionXENVERbuildid is neither NUL terminated nor a string. The first...

Linux Distros Unpatched Vulnerability : CVE-2026-7356

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Navigation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium...

Linux Distros Unpatched Vulnerability : CVE-2026-4873

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial...

Linux Distros Unpatched Vulnerability : CVE-2026-7347

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Chromoting in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromiu...

Linux Distros Unpatched Vulnerability : CVE-2026-7349

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to execute arbitrary code inside a sandbox via...

Linux Distros Unpatched Vulnerability : CVE-2026-35251

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Difficult to exploi...

Linux Distros Unpatched Vulnerability : CVE-2026-42198

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during...