RockyLinux 10 : java-25-openjdk (RLSA-2026:9693)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:9693 advisory. JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improved Arena allocations CVE-2026-22008 JDK: Improve Kerberos credentialing CVE-2026-22013...

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server from 2026.1.6.0 to 2026.1.16.0, as well as versions prior to 2025.3.20.0, have security...

Unity Linux 20.1060e / 20.1070e Security Update: qt5-qtsvg (UTSA-2026-016645)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016645 advisory. Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps::growAppend called from QPainterPath::addPath and...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in versions of Mattermost 11.6.0 and earlier 11.6.x series, as well as versions prior to 11.5.3 11.5.x series, 11.4.4 and earlier 11.4.x series, and 10.11.14 and earlier 10.11.x...

PT-2026-42792

Improper access control in the entry documentation and attachment features in Devolutions Server allows an authenticated user with vault read access to retrieve the documentation and attachments of sealed entries via a crafted API request. This issue affects : Devolutions Server 2026.1.6.0 throug...

CVE-2026-4929 Simple Hierarchical Select (Drupal 7) XSS in term-derived output

Simple Hierarchical Select SHS for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Confirmed affected paths include field formatter output shsfieldformatterview and term-tree child-term data generation shstermgetchildren. Malicious taxonomy term...

antgent (>=0.3.0 <=0.3.2), ara-cli (>=0.1.14.13 <=0.1.14.14) +44 more potentially affected by CVE-2026-46678 via pydantic-ai-slim (>=1.56.0 <=1.98.0)

pydantic-ai-slim PYPI version =1.56.0, =0.3.0, =0.1.14.13, =1.5.0, =0.1.0a1, =0.0.400, =0.0.1, =1.0.0, =1.0.3, =0.0.498, =0.1.1, =0.7.0rc1, =0.1.1, =0.1.0, =0.3.1 and more Source cves: CVE-2026-46678 Source advisory: OSV:GHSA-CQP8-FCVH-X7R3...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables (CVE-2026-6053)

Summary is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables. Vulnerability Details CVEID:CVE-2026-6053 DESCRIPTION: IBM Db2 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables. CWE:CWE-770:...

CVE-2026-6841

The CVE-2026-6841 entry describes a reflected cross-site scripting (XSS) vulnerability in Request Tracker (RT) that is triggered via the Page parameter in GET requests, allowing arbitrary JavaScript execution in the victim’s browser. Affected RT versions are 5.0.4–5.0.9 and 6.0.0–6.0.2. The vulne...

CVE-2026-7835

A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing...

CVE-2026-44070

An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...

CVE-2026-44074

Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions that trigger incorrect error-handling paths...

EUVD-2026-31243

A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authenticated attacker to obtain limited information via crafted Spotlight RPC requests...

databricks-agents (>=0.1.0 <=1.0.0rc1), datamint (>=2.5.0 <=2.5.2) +3 more potentially affected by CVE-2026-2734 via mlflow (>=3.0.0rc2 <=3.0.1)

mlflow PYPI version =3.0.0rc2, =0.1.0, =2.5.0, =0.2.0.dev0, =0.6.7, =0.8.1 Source cves: CVE-2026-2734 Source advisory: SNYK:PYTHON-MLFLOW-16787326...

CVE-2026-7836 hextoint macro uppercase bug

An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input...

EUVD-2026-31215

Incomplete sanitization of extended attribute EA path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names...

CVE-2026-44068

Incomplete sanitization of extended attribute EA path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names...

CVE-2026-44066

Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or cause a minor service disruption...

EUVD-2026-31238

An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtain limited information or modify LDAP entries via crafted filter input...

CVE-2026-44062

In Netatalk (versions 2.0.4–4.4.2) a missing o_len bounds check in pull_charset_flags() enables out-of-bounds processing; fixed in 4.4.3 (per NVD). Debian advisory groups the CVE under a security update and recommends upgrading to a secure netatalk package; apply vendor-provided patches (e.g., De...