218 matches found
Authenticated RCE via Argument Injection in Gogs (NOT FIXED)
Overview Rapid7 Labs discovered a critical argument injection CWE-88 vulnerability in Gogs, a popular open-source self-hosted Git service. Rapid7 Labs scores this vulnerability as CVSSv4 9.4 Critical. The vulnerability allows any authenticated user to achieve remote code execution RCE on the serv...
Linux Distros Unpatched Vulnerability : CVE-2026-8258
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead ...
Linux Distros Unpatched Vulnerability : CVE-2026-43408
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ceph: add a bunch of missing cephpathinfo initializers cephmdscbuildpath must be called with a zero-initialized cephpathinfo parameter, or else the following...
Linux Distros Unpatched Vulnerability : CVE-2026-8016
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
Linux Distros Unpatched Vulnerability : CVE-2026-31543
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crashdump: don't log dm-crypt key bytes in readkeyfromuserkeying When debug logging is enabled, readkeyfromuserkeying logs the first 8 bytes of the key payload...
Linux Distros Unpatched Vulnerability : CVE-2026-3196
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - qemu - None Ubuntu Linux - two potential OOB memory accesses in virtio-snd CVE-2026-3196 Note that Nessus relies on the presence of the package a...
Linux Distros Unpatched Vulnerability : CVE-2025-68335
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - comedi: pcl818: fix null-ptr-deref in pcl818aicancel Syzbot identified an issue 1 in pcl818aicancel, which stems from the fact that in case of early device deta...
Linux Distros Unpatched Vulnerability : CVE-2025-39979
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5: fs, fix UAF in flow counter release Fix a kernel trace 1 caused by releasing an HWS action of a local flow counter in mlx5cmdhwsdeletefte, where the H...
Linux Distros Unpatched Vulnerability : CVE-2023-53611
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ipmisi: fix a memleak in trysmiinit Kmemleak reported the following leak info in trysmiinit:...
EUVD-2023-38092
Malicious code in bioql PyPI...
WordPress WP Subscription Forms PRO Plugin <= 2.0.5 - Arbitrary Content Deletion Vulnerability
Arbitrary Content Deletion Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WP Subscription Forms PRO versions = 2.0.5...
WordPress Javo Core Plugin <= 3.0.0.266 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Javo Core versions = 3.0.0.266...
WordPress Lazy Blocks Plugin <= 4.1.0 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by MD ISMAIL in WordPress Plugin Lazy Blocks versions = 4.1.0...
Linux Distros Unpatched Vulnerability : CVE-2022-50235
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv2 READDIR Restore the previous limit on th...
Linux Distros Unpatched Vulnerability : CVE-2021-40049
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being...
Linux Distros Unpatched Vulnerability : CVE-2020-35662
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. CVE-2020-35662 Note that...
Linux Distros Unpatched Vulnerability : CVE-2018-7184
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the received timestamp, which allows remote attackers to cause a denial of service...
Linux Distros Unpatched Vulnerability : CVE-2022-42258
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer nvidia.ko, where an integer overflow may lead to denial of service, data...
Linux Distros Unpatched Vulnerability : CVE-2021-30836
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15...
Linux Distros Unpatched Vulnerability : CVE-2024-57868
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Web::API 2.8 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...