CVE-2026-33386

QuickCMS is vulnerable to Cross-Site Scripting XSS through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle MITM attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the plugin list endpoint. When a...

Photon OS 5.0: Python3 PHSA-2026-5.0-0862

An update of the python3 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0862. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

PT-2026-46313

Name of the Vulnerable Software and Affected Versions SQLite sqldiff.exe versions prior to 2025-12-26 Description The sqldiff.exe utility does not securely handle the conversion of Unicode characters to ANSI codepages by the Microsoft Windows C runtime. An attacker can exploit this by using the...

Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution

Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild. The vulnerability, tracked as CVE-2026-0300 , has been described as a case of unauthenticated remote code execution. It carries a CVSS score of...

EUVD-2026-25203

A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error...

CVE-2026-3259

CVE-2026-3259 describes a vulnerability in Google Cloud BigQuery’s materialized view refresh mechanism where an authenticated user could trigger a runtime error that reveals sensitive information in error messages. Affected component: BigQuery Materialized View Refresh; root cause: error handling...

CVE-2026-40037 OpenClaw < 2026.3.31 - Unsafe Request Body Replay via fetchWithSsrFGuard Cross-Origin Redirects

OpenClaw before 2026.3.31 patched in 2026.4.8 contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redirects to exfiltrate sensitive request data or headers to...

CVE-2025-48651

In importWrappedKey of KMKeymasterApplet.java, there is a possible way access keys that should be restricted due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

BIT-MINIO-2026-34204 MinIO is Vulnerable to SSE Metadata Injection via Replication Headers

MinIO is a high-performance object storage system. Prior to version 2026.03.26, a flaw in extractMetadataFromMime allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication- headers on a normal...

Exploit for Integer Overflow or Wraparound in Qualcomm Sm7675P_Firmware

CVE-2026-21385 Scanner Languages / Idiomas: Englishen...

CVE-2026-3136

An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...

EUVD-2026-9302

An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...

CVE-2026-3136

An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...

Photon OS 4.0: Go PHSA-2026-4.0-0968

An update of the go package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0968. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid300118...

CVE-2026-2244

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...

Photon OS 5.0: Glib PHSA-2026-5.0-0767

An update of the glib package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0767. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 4.0: Linux PHSA-2026-4.0-0960

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0960. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

WT-2026-0001

SmarterMail WT-2026-0001 Authentication Bypass Exploit 📌 O...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003544)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003544 advisory. An issue was discovered in the nsgetpath function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free...

CVE-2025-12409 SQL Injection in Looker Studio

A SQL injection vulnerability was discovered in Looker Studio that allowed for data exfiltration from BigQuery data sources. By creating a malicious report with native functions enabled, and having the victim access the report, an attacker could execute injected SQL queries with the victim's...