Linux Distros Unpatched Vulnerability : CVE-2026-5761

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - qemu - None Ubuntu Linux - virtio-blk: zone report buffer out-of-memory CVE-2026-5761 Note that Nessus relies on the presence of the package as...

Don’t Wait for a Patch. Mitigate RedSun Zero-Day Risk in Microsoft Defender Today

Key Takeaways RedSun is a critical zero-day vulnerability in Microsoft Defender that allows low-privileged users to gain SYSTEM access No patch is currently available, leaving all Defender-enabled Windows systems potentially exposed Qualys VMDR detects affected assets instantly QID 92382 TruRisk...

CVE-2026-32604

Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources easily. Versions...

Linux Distros Unpatched Vulnerability : CVE-2026-31442

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dmaengine: idxd: Fix possible invalid memory access after FLR In the case that the first Function Level Reset FLR concludes correctly, but in the second FLR the...

PT-2026-43126

Name of the Vulnerable Software and Affected Versions GNU LibreDWG versions prior to 0.15 Description The decompress R2004 section function within the src/decode.c file of the Dwgread Utility contains an uncontrolled reachable assertion. This issue allows a local attacker to cause a denial of...

Linux Distros Unpatched Vulnerability : CVE-2026-35334

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - strongswan - None Ubuntu Linux - Possible NULL-Pointer Dereference in RSA Decryption CVE-2026-35334 Note that Nessus relies on the presence of th...

CVE-2026-41320 Frappe HR has possibility of SQL Injection due to improper field sanitization

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. Versions 15.54.0 and...

Security Bulletin: A security vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2024-29371).

Summary A security vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2024-29371. IBM WebSphere Liberty has been updated within IBM CICS TX Advanced to address this vulnerability. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before...

PT-2026-34214

Name of the Vulnerable Software and Affected Versions free5GC UDR versions prior to 1.4.3 Description A fail-open request handling flaw exists in the UDR service. The POST handler for the endpoint '/nudr-dr/v2/policy-data/subs-to-notify' continues to process requests even after encountering error...

Linux Distros Unpatched Vulnerability : CVE-2026-6751

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird...

Linux Distros Unpatched Vulnerability : CVE-2026-6761

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

Linux Distros Unpatched Vulnerability : CVE-2026-6769

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

CVE-2026-32604

Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources easily. Versions...

CVE-2026-40337

The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the sysint syscall familly. Prior to version 0.4.7, this can lead to DoS and...

EUVD-2026-23778

A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function apigenerate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

Linux Distros Unpatched Vulnerability : CVE-2026-5265

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using t...

Linux Distros Unpatched Vulnerability : CVE-2026-41254

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. CVE-2026-41254...

Linux Distros Unpatched Vulnerability : CVE-2026-40341

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptpunpackEOSFocusInfoEx could be used to cras...

CVE-2026-40346

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.37, NocoBase's workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without any SSRF protection. An...

CVE-2026-40341

CVE-2026-40341 affects the libgphoto2 library. In versions up to and including 2.5.33, an out-of-bounds read in ptp_unpack_EOS_FocusInfoEx could crash libgphoto2 when processing input from untrusted USB devices. A patch was introduced in commit c385b34af260595dfbb5f9329526be5158985987. No known w...