CVE-2026-46517

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trustremotecode=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches...

CVE-2026-44963

A vulnerability allowing remote code execution RCE on the Backup Server by an authenticated domain user...

rsync: Rsync: Use-after-free vulnerability in extended attribute handling

A flaw was found in rsync. When rsync is configured to handle extended attributes using the -X or --xattrs option, a remote attacker can exploit a use-after-free vulnerability. This occurs because the receivexattr function incorrectly processes an untrusted length value during a sorting operation...

EUVD-2026-36167

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before...

EUVD-2026-36156

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

RockyLinux 9 : unbound (RLSA-2026:24369)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:24369 advisory. unbound: Heap overflow and crash with multiple nsid, cookie, padding EDNS options CVE-2026-42944 unbound: Unbound DNSSEC Validator Denial of Service via...

AlmaLinux 9 : unbound (ALSA-2026:24369)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:24369 advisory. unbound: Heap overflow and crash with multiple nsid, cookie, padding EDNS options CVE-2026-42944 unbound: Unbound DNSSEC Validator Denial of Service via...

FreeBSD : FreeBSD -- Multiple vulnerabilities in OpenSSL (a57fe2c1-6476-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the a57fe2c1-6476-11f1-958d-bc241121aa0a advisory. Multiple issues have been reported as part of this advisory with different issues affecting...

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...

PT-2026-48660

Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion. This issue affects LimRAD NAC: before 5.5.7.3.9...

PT-2026-48700

Name of the Vulnerable Software and Affected Versions KanaDojo versions prior to 0.1.18 Description A sandbox escape allows remote code execution with full GitHub Actions runner privileges, including access to the AUTOMATION PR TOKEN variable. The issue occurs in the issue-auto-respond.yml workfl...

PT-2026-48625

Name of the Vulnerable Software and Affected Versions Spring for GraphQL versions 1.3.0 through 1.3.8 Spring for GraphQL versions 1.4.0 through 1.4.5 Spring for GraphQL versions 2.0.0 through 2.0.3 Description Applications are susceptible to unsafe deserialization when processing paginated GraphQ...

389 Directory Server 输入验证错误漏洞

389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. 389 Directory Server has a vulnerability related to input validation. This vulnerability stems from an integer overflow in the SASL I/O layer. In the function...

KanaDojo 安全漏洞

KanaDojo is an attractive and customizable Japanese learning platform developed by lingdojo. Versions of KanaDojo prior to 0.18.0 contained security vulnerabilities. These vulnerabilities were caused by sandbox escape attacks, allowing attackers to execute arbitrary code by passing the global...

WordPress plugin UpdraftPlus: WP Backup & Migration Plugin 数据伪造问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. One...

VMware Spring for GraphQL 代码问题漏洞

VMware Spring for GraphQL is a GraphQL application development framework provided by the American company VMware. Versions of VMware Spring for GraphQL such as 2.0.0, 1.4.0, and 1.3.0 contain code vulnerabilities. These vulnerabilities stem from insecure deserialization during the processing of...

RockyLinux 9 : redis (RLSA-2026:23229)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:23229 advisory. redis: RESTORE invalid memory access may allow remote code execution CVE-2026-25243 Tenable has extracted the preceding description block directly from the...

ALSA-2026:25219 Important: redis:7 security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

RHEL 10 : valkey (RHSA-2026:25216)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25216 advisory. Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists,...