Linux Distros Unpatched Vulnerability : CVE-2025-69648

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debugrnglists data. A logic...

CVE-2026-3707

A vulnerability was identified in MrNanko webp4j up to 1.3.x. The affected element is the function DecodeGifFromMemory of the file src/main/c/gifdecoder.c. Such manipulation of the argument canvasheight leads to integer overflow. Local access is required to approach this attack. The exploit is...

CVE-2026-3706

A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. This manipulation causes improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered t...

UBUNTU-CVE-2026-3706

A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. This manipulation causes improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered t...

CVE-2026-3707

MrNanko webp4j (up to 1.3.x) is affected by CVE-2026-3707. The vulnerability is in DecodeGifFromMemory (src/main/c/gif_decoder.c): manipulation of the canvas_height argument can trigger an integer overflow. Local access is required to exploit. Public exploit is available. Patch identified as 8977...

CVE-2026-3707 MrNanko webp4j gif_decoder.c DecodeGifFromMemory integer overflow

A vulnerability was identified in MrNanko webp4j up to 1.3.x. The affected element is the function DecodeGifFromMemory of the file src/main/c/gifdecoder.c. Such manipulation of the argument canvasheight leads to integer overflow. Local access is required to approach this attack. The exploit is...

CVE-2026-29049

melange allows users to build apk packages using declarative pipelines. In version 0.40.5 and prior, melange update-cache downloads URIs from build configs via io.Copy without any size limit or HTTP client timeout pkg/renovate/cache/cache.go. An attacker-controlled URI in a melange config can cau...

CVE-2026-3616

A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is...

PT-2026-23889

Name of the Vulnerable Software and Affected Versions RyuzakiShinji biome-mcp-server versions up to 1.0.0 Description A security flaw exists in RyuzakiShinji biome-mcp-server up to version 1.0.0, related to an unknown functionality within the biome-mcp-server.ts file. A manipulation of this...

CVE-2026-28210

FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX module cdr Call Data Record is vulnerable to SQL query injection. This issue has been patched in versions 16.0.49 and 17.0.7...

EUVD-2026-9966

A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is...

CVE-2026-3616

A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is...

CVE-2026-3616 DefaultFuction Jeson Customer Relationship Management System edit.php sql injection

A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is...

Linux Distros Unpatched Vulnerability : CVE-2026-3351

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all...

Linux Distros Unpatched Vulnerability : CVE-2026-2219

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was discovered that dpkg-deb a component of dpkg, the Debian package management system does not properly validate the end of the data stream when uncompressi...

PT-2026-23626

A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is...

EC-CUBE vulnerable to multi-factor authentication bypass

Overview EC-CUBE provided by EC-CUBE CO.,LTD. contains the following vulnerability. Authentication bypass using an alternate path or channel CWE-288 - CVE-2026-30777 EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and EC-CUBE CO.,LT...

Linux Distros Unpatched Vulnerability : CVE-2026-3449

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Red Hat Enterprise Linux - @tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal CVE-2026-3449 Note tha...

CVE-2026-3520 Multer vulnerable to Denial of Service via uncontrolled recursion

Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service DoS by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No...

Linux Distros Unpatched Vulnerability : CVE-2026-3408

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML...