RHEL 9 : gimp (RHSA-2026:25901)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25901 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...

CVE-2026-38329

Bludit CMS before version 3.18.4 allows Remote Code Execution RCE via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...

PT-2026-49191

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where the application fails to intercept certain dangerous interfaces when executing JavaScript scripts embedded in PDF files within the sandbox...

ROS-20260615-73-0041

The vulnerability of the yuvensurebuffer function in the RDP client FreeRDP is related to incorrect calculations of the size of the buffer allocated. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending specially crafted NAL packets...

ROS-20260615-73-0002

The vulnerability in freerdp3 is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

ROS-20260615-73-0005

The vulnerability in freerdp is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

ROS-20260615-73-0006

The vulnerability in freerdp3 is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

ROS-20260615-73-0003

The vulnerability in freerdp is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

ROS-20260615-73-0004

The vulnerability in freerdp3 is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

ROS-20260615-73-0001

The vulnerability in freerdp is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

RHEL 9 : valkey (RHSA-2026:25925)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25925 advisory. Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, se...

RHEL 9 : gimp (RHSA-2026:25899)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25899 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...

RHEL 9 : gimp (RHSA-2026:25907)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25907 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...

Exploit for CVE-2022-30190

Explotación de Follina CVE-2022-30190 Follina CVE-2022-3...

Malicious code in npm-sandbox-research-e9f0 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a18a9932f78294e22aa0a85077b9318233ab0952bc8788ae8987fce3e5002c93 Package declares a postinstall hook "postinstall": "node run.js" that executes automatically on npm install. The tarball ships beacon scripts...

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

CVE-2026-23744 – MCPJam Inspector Unauthenticated Remote Code...

SUSE SLES15 Security Update : unbound (SUSE-SU-2026:2369-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2369-1 advisory. This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278:...

POC_cve_2026_35273

POCcve202635273 Universal Unauthenticated RCE via PeopleSof...

MAL-2026-5748 Malicious code in chai-utils-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64edd573a9e5fdef8dcde78f5b0c9fa00521f232b886be838104741d1e0535f7 Package name 'chai-utils-test' impersonates the popular 'chai' assertion library and ships a cloned chai source tree. The declared main index.js call...

MAL-2026-5740 Malicious code in 2fa-exe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df3ad6044ca4d17d594aa3aa0d1a75d1dbf3ebf483d0dd1b04d502277674a8cc Package advertises itself as an SVG fetcher/sanitizer but ships an undocumented exported factory getPlugin in index.js that performs an HTTPS GET to...