
1564 matches found

Tenable Nessus
added 2026/04/14 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2026-32203

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network. CVE-2026-32203 Note that Nessus relies on...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00256
Exploits: 0 | References: 2

Tenable Nessus
added 2026/04/03 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-23408

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix double free of ns_name in aa_replace_profiles if ns_name is NULL after 1071 error...

CVSS: 7.8 | AI score: 5.7 | EPSS: 0.00009
Exploits: 0 | References: 2

Tenable Nessus
added 2026/03/28 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-33487

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the validateSignature function in validate.go goes through the references in...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00026
Exploits: 1 | References: 2

OSV
added 2026/03/27 8:31 p.m. | 2 views

CVE-2026-33879 FLIP doesn't have rate limiting or brute-force protection on login

Federated Learning and Interoperability Platform FLIP is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...

CVSS: 6.9 | AI score: 5.9 | EPSS: 0.00069
Exploits: 0 | References: 3

ATTACKERKB
added 2026/03/27 8:31 p.m. | 3 views

CVE-2026-33879

Federated Learning and Interoperability Platform FLIP is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...

CVSS: 6.9 | AI score: 5.9 | EPSS: 0.00069
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/03/27 8:31 p.m. | 0 views

CVE-2026-33879 FLIP doesn't have rate limiting or brute-force protection on login

Federated Learning and Interoperability Platform FLIP is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...

CVSS: 6.9 | AI score: 5.9 | EPSS: 0.00069
Exploits: 0 | References: 1

Tenable Nessus
added 2026/03/26 12:0 a.m. | 0 views

Linux Distros Unpatched Vulnerability : CVE-2026-4923

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtrackin...

CVSS: 5.9 | AI score: 6.2 | EPSS: 0.00018
Exploits: 0 | References: 4

Tenable Nessus
added 2026/03/22 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-33306

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00009
Exploits: 0 | References: 3

Tenable Nessus
added 2026/03/20 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-4453

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in Dawn in Google Chrome on Mac prior to 146.0.7680.153 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00037
Exploits: 0 | References: 2

Tenable Nessus
added 2026/03/18 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-23245

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: act_gate: snapshot parameters with RCU on replace The gate action can be replaced while the hrtimer callback or dump path is walking the schedule list...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.00018
Exploits: 0 | References: 2

Tenable Nessus
added 2026/03/12 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-3939

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF fil...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00032
Exploits: 0 | References: 2

Tenable Nessus
added 2026/03/11 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2026-31958

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in...

CVSS: 8.7 | AI score: 7.3 | EPSS: 0.00028
Exploits: 0 | References: 3

Vulnrichment
added 2026/03/05 7:10 p.m. | 2 views

CVE-2026-28277 LangGraph: Unsafe msgpack deserialization in LangGraph checkpoint loading

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.00332
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/03 5:26 p.m. | 6 views

CVE-2025-15599

DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFE_FOR_XML regex. Attackers can include closing rawtext tags like in attribute...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00039
Exploits: 0 | References: 5 | Affected Software: 1

Tenable Nessus
added 2026/02/14 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-23177

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm, shmem: prevent infinite loop on truncate race When truncating a large swap entry, shmem_free_swap returns 0 when the entry's index doesn't match the given ind...

AI score: 5.9 | EPSS: 0.00025
Exploits: 0 | References: 3

OSV
added 2026/02/04 7:35 p.m. | 4 views

CVE-2026-24884 Compressing Vulnerable to Arbitrary File Write via Symlink Extraction

Compressing is a compressing and uncompressing lib for node. In version 2.0.0 and 1.10.3 and prior, Compressing extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outside the intended extraction directory, an attacker can caus...

CVSS: 8.4 | AI score: 5.6 | EPSS: 0.00011
Exploits: 1 | References: 5

VulnCheck KEV
added 2026/02/03 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2024-12877

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like 'firstName'. This makes it possible for unauthenticated attackers to...

CVSS: 9.8 | AI score: 8 | EPSS: 0.33421
In wild | Exploits: 1 | References: 2

Tenable Nessus
added 2026/02/02 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-24825

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing Release of Memory after Effective Lifetime vulnerability in ydb-platform ydb contrib/libs/yajl modules. This vulnerability is associated with program...

CVSS: 6.9 | AI score: 5.9 | EPSS: 0.00082
Exploits: 0 | References: 2

OSV
added 2026/01/29 10:15 p.m. | 0 views

UBUNTU-CVE-2026-25061

tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a large TIM length can cause a 1-byte out-of-bounds write past...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.00085
Exploits: 1 | References: 3

Tenable Nessus
added 2026/01/29 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-24684

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00021
Exploits: 0 | References: 3