Linux Distros Unpatched Vulnerability : CVE-2026-46114

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/rxe: Reject non-8-byte ATOMICWRITE payloads atomicwritereply at drivers/infiniband/sw/rxe/rxeresp.c unconditionally dereferences 8 bytes at payloadaddrpkt...

CVE-2026-9953

Out of bounds read in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a buffer overflow vulnerability. This vulnerability stemmed from an out-of-bounds read issue in the ANGLE component, which could allow remote attackers to obtain sensitive informati...

ROS-20260526-73-0019

A vulnerability in the libpng library is related to the failure to check for sufficient input pixels when processing the last partial portion in the ARM/AArch64 Neon optimized palette expansion path. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...

ROS-20260526-73-0018

A vulnerability in the libpng library is related to the failure to check for sufficient input pixels when processing the last partial portion in the ARM/AArch64 Neon optimized palette expansion path. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...

CVE-2026-9349 calcom cal.diy Generic React API bookings-single-view.getServerSideProps.tsx getServerSideProps information disclosure

A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSideProps.tsx of the component Generic React API. This manipulation of the argument...

PT-2026-42905

A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSideProps.tsx of the component Generic React API. This manipulation of the argument...

PT-2026-42910

Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent versions prior to 2026.4.24 Description A weakness in the Messaging Gateway Handler component allows for remote information disclosure. The issue is located within the make run env function in the...

@kilocode/cli Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executing a manipulation of the argument KILOCONFIGCONTENT can lead to information disclosure. It is...

CVE-2026-8766

A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executing a manipulation of the argument KILOCONFIGCONTENT can lead to information disclosure. It is...

PT-2026-41586

Name of the Vulnerable Software and Affected Versions Kilo-Org kilocode versions prior to 7.0.48 Description A flaw in the Environment Variable Handler component allows remote information disclosure. The issue exists within the Load function located in the packages/opencode/src/config/config.ts...

CVE-2026-8033

A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit ha...

ROS-20260507-73-0003

Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...

ROS-20260507-73-0002

Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...

ROS-20260507-73-0001

Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...

EUVD-2026-27832

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

EUVD-2026-27824

A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched...

Flowise: Bcrypt Password Hash Exposure

A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched...

CVE-2026-8026

A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched...

PT-2026-38083

Name of the Vulnerable Software and Affected Versions Mako versions prior to 1.1.0+ds1-1ubuntu2.1+esm1 Description Mako incorrectly handles URIs with double-slash prefixes in TemplateLookup. A remote attacker could potentially exploit this behavior to obtain sensitive information. Recommendations...