PT-2026-26539

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. Moderators could edit site policy documents – Terms of Service...

Linux Distros Unpatched Vulnerability : CVE-2026-4456

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to...

CVE-2026-33395

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the discourse-graphviz plugin contains a stored cross-site scripting XSS vulnerability that allows authenticated users to inject malicious JavaScript code through DOT graph definitions. F...

CVE-2026-29106

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the value of the returnid request parameter is copied into the value of an HTML tag attribute which is an event handler and is encapsulated in double quotati...

CVE-2026-33395 Discourse has stored click‑based XSS via Graphviz SVG javascript: links

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the discourse-graphviz plugin contains a stored cross-site scripting XSS vulnerability that allows authenticated users to inject malicious JavaScript code through DOT graph definitions. F...

CVE-2026-33395 Discourse has stored click‑based XSS via Graphviz SVG javascript: links

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the discourse-graphviz plugin contains a stored cross-site scripting XSS vulnerability that allows authenticated users to inject malicious JavaScript code through DOT graph definitions. F...

CVE-2026-33355 Discourse filters whisper posts from private-posts feed

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the /private-posts endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0-latest.1...

GHSA-89X7-5M5M-MCMM Juju has unauthorized update of out-of-scope Vault secrets

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

GHSA-94G3-G5V7-Q4JG phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack

Impact Those using AES in CBC mode may be susceptible to a padding oracle timing attack. Patches https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788 Workarounds Use AES in CTR, CFB or OFB modes References...

PT-2026-26452

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, an LDAP Injection vulnerability exists in the SuiteCRM authentication flow. The application fails to properly sanitize user-supplied input before embedding i...

PT-2026-26444

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the value of the return id request parameter is copied into the value of an HTML tag attribute which is an event handler and is encapsulated in double...

Linux Distros Unpatched Vulnerability : CVE-2026-20676

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A...

PT-2026-26176

free5GC is an open source 5G core network. free5GC CHF prior to version 1.2.2 has an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=... can trigger a server-side panic...

PT-2026-26208

Impact This is an Improper Input Validation vulnerability with Denial of Service and Injection implications. - Security Impact: A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's Nudm SubscriberDataManagement API. This causes URL parsing failure i...

PT-2026-26187

Impact This is an Improper Error Handling vulnerability with Information Exposure implications. - Security Impact: The UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leaks intern...

PT-2026-26184

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 1.4.2 Description This issue is an Improper Input Validation leading to Denial of Service in free5GC NRF. All deployments of free5GC using the NRF discovery service are affected. The EncodeGroupId function attempts to...

CVE-2026-4185

A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swfdefbitsjpeg of the file src/scenemanager/swfparse.c of the component MP4Box. The manipulation of the argument szName results in stack-based buffer overflow. It is possible to laun...

ROOT-OS-UBUNTU-2404-CVE-2026-2781 CVE-2026-2781 in rootio-nss - Patched by Root

Root has patched CVE-2026-2781 in the rootio-nss package for Root:Ubuntu:24.04. Multiple fixed versions available...

EulerOS 2.0 SP11 : gdb (EulerOS-SA-2026-1604)

According to the versions of the gdb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component...

Linux Distros Unpatched Vulnerability : CVE-2026-32777

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libexpat before 2.7.5 allows an infinite loop while parsing DTD content. CVE-2026-32777 Note that Nessus relies on the presence of the package as reported by th...