218 matches found
CVE-2026-52806: Authenticated RCE via Argument Injection in Gogs (FIXED as of June 7, 2026)
Overview Rapid7 Labs discovered a critical argument injection CWE-88 vulnerability in Gogs, a popular open-source self-hosted Git service, tracked as CVE-2026-52806. Rapid7 Labs scores this vulnerability as CVSSv4 9.4 Critical. The vulnerability allows any authenticated user to achieve remote cod...
Linux Distros Unpatched Vulnerability : CVE-2026-8258
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead ...
Linux Distros Unpatched Vulnerability : CVE-2026-43408
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ceph: add a bunch of missing cephpathinfo initializers cephmdscbuildpath must be called with a zero-initialized cephpathinfo parameter, or else the following...
Linux Distros Unpatched Vulnerability : CVE-2026-8016
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
Linux Distros Unpatched Vulnerability : CVE-2026-31543
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crashdump: don't log dm-crypt key bytes in readkeyfromuserkeying When debug logging is enabled, readkeyfromuserkeying logs the first 8 bytes of the key payload...
Linux Distros Unpatched Vulnerability : CVE-2026-3196
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow vulnerability was found in the virtio-snd device via PCMINFO requests from the guest. A malicious guest can provide out-of-bounds stream...
Linux Distros Unpatched Vulnerability : CVE-2025-68335
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - comedi: pcl818: fix null-ptr-deref in pcl818aicancel Syzbot identified an issue 1 in pcl818aicancel, which stems from the fact that in case of early device deta...
Linux Distros Unpatched Vulnerability : CVE-2025-39979
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5: fs, fix UAF in flow counter release Fix a kernel trace 1 caused by releasing an HWS action of a local flow counter in mlx5cmdhwsdeletefte, where the H...
Linux Distros Unpatched Vulnerability : CVE-2023-53611
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ipmisi: fix a memleak in trysmiinit Kmemleak reported the following leak info in trysmiinit:...
EUVD-2023-38092
Malicious code in bioql PyPI...
WordPress WP Subscription Forms PRO Plugin <= 2.0.5 - Arbitrary Content Deletion Vulnerability
Arbitrary Content Deletion Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WP Subscription Forms PRO versions = 2.0.5...
WordPress Javo Core Plugin <= 3.0.0.266 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Javo Core versions = 3.0.0.266...
WordPress Lazy Blocks Plugin <= 4.1.0 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by MD ISMAIL in WordPress Plugin Lazy Blocks versions = 4.1.0...
Linux Distros Unpatched Vulnerability : CVE-2022-50235
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv2 READDIR Restore the previous limit on th...
Linux Distros Unpatched Vulnerability : CVE-2021-40049
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being...
Linux Distros Unpatched Vulnerability : CVE-2022-42258
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer nvidia.ko, where an integer overflow may lead to denial of service, data...
Linux Distros Unpatched Vulnerability : CVE-2018-7184
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the received timestamp, which allows remote attackers to cause a denial of service...
Linux Distros Unpatched Vulnerability : CVE-2020-35662
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. CVE-2020-35662 Note that...
Linux Distros Unpatched Vulnerability : CVE-2024-57868
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Web::API 2.8 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...
Linux Distros Unpatched Vulnerability : CVE-2021-30836
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15...