Linux Distros Unpatched Vulnerability : CVE-2026-24684

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is...

Linux Distros Unpatched Vulnerability : CVE-2026-1484

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the order GraphQL query. An attacker can access sensitive information, including personally identifiable information PII, by sending unauthorized queries to the API. Workaround This...

PT-2026-4564

C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traversal via the RequestHandler::handleRequest method. This flaw allows an unauthenticated, remote attacker to read arbitrary files from the server's...

Tendenci Affected by Authenticated Remote Code Execution via Pickle Deserialization

A critical deserialization vulnerability exists in Tendenci Helpdesk module NOTE, by default, Helpdesk is NOT enabled, affecting the version 15.3.11 and earlier. This vulnerability allows remote code execution RCE by an authenticated user with staff security level due to using Python's pickle...

Linux Distros Unpatched Vulnerability : CVE-2026-23952

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference...

EUVD-2025-206233

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, an attacker can initiate a password reset for a victim, and modify the host header of the request to a malicious value. The victim will...

CVE-2025-64424 Colify has command injection vulnerability in project git source

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a command injection vulnerability exists in the git source input fields of a resource, allowing a low privileged user member to execute syst...

Linux Distros Unpatched Vulnerability : CVE-2023-54292

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/irdma: Fix data race on CQP request done KCSAN detects a data race on cqprequest-requestdone memory location which is accessed locklessly in irdmahandlecqp...

CVE-2025-69205 In µURU, a Specially Crafted Federation Name Allows Dialplan Injection

Micro Registration Utility µURU is a telephone self registration utility based on asterisk. In versions up to and including commit 88db9a953f38a3026bcd6816d51c7f3b93c55893, an attacker can crafts a special federation name and characters treated special by asterisk can be injected into the Dial...

Linux Distros Unpatched Vulnerability : CVE-2025-68743

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mshv: Fix create memory region overlap check The current check is incorrect; it only checks if the beginning or end of a region is within an existing region. Th...

Linux Distros Unpatched Vulnerability : CVE-2025-68205

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: hda/hdmi: Fix breakage at probing nvhdmi-mcp driver After restructuring and splitting the HDMI codec driver code, each HDMI codec driver contains the own...

Linux Distros Unpatched Vulnerability : CVE-2025-40355

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sysfs: check visibility before changing group attribute ownership Since commit 0c17270f9b92 net: sysfs: Implement isvisible for physportid, portname, switchid,...

PT-2025-50332

Hi All, Looking at the Action1 reports, and unable to see anything which would be useful to for reporting from for the vulnerability of devices. I'm looking for an export with the data similar to the below DeviceName, CveId, Severity, CVSS, PatchAvailable, Product, OS, LastSeen PC-001,...

Linux Distros Unpatched Vulnerability : CVE-2025-40246

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xfs: fix out of bounds memory read error in symlink repair xfs/286 produced this report on my test fleet:...

CVE-2025-9977

Value provided in one of POST parameters sent during the process of logging in to Times Software E-Payroll is not sanitized properly, which allows an unauthenticated attacker to perform DoS attacks. SQL injection attacks might also be feasible, although so far creating a working exploit has been...

CVE-2025-9977

Value provided in one of POST parameters sent during the process of logging in to Times Software E-Payroll is not sanitized properly, which allows an unauthenticated attacker to perform DoS attacks. SQL injection attacks might also be feasible, although so far creating a working exploit has been...

CVE-2025-9977 Improper neutralization of input in Times Software E-PAYROLL

Value provided in one of POST parameters sent during the process of logging in to Times Software E-Payroll is not sanitized properly, which allows an unauthenticated attacker to perform DoS attacks. SQL injection attacks might also be feasible, although so far creating a working exploit has been...

CVE-2025-9977

CVE-2025-9977 affects Times Software E-Payroll. The issue stems from improper sanitization of data in a POST parameter during login, which could let an unauthenticated attacker cause a DoS and may enable SQL injection; command injection attempts have also produced detailed error messages exposing...

EUVD-2025-198043

Value provided in one of POST parameters sent during the process of logging in to Times Software E-Payroll is not sanitized properly, which allows an unauthenticated attacker to perform DoS attacks. SQL injection attacks might also be feasible, although so far creating a working exploit has been...