Linux Distros Unpatched Vulnerability : CVE-2026-10002

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file...

ROS-20260529-73-0011

The vulnerability in the vault is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to execute a SSRF attack remotely...

DEBIAN-CVE-2026-9913

Inappropriate implementation in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

CVE-2026-9981

Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVE-2026-9918

Inappropriate implementation in Tint in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

EUVD-2026-33050

Vulnerability in the Oracle Payroll product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Payroll. Successful...

CVE-2026-9583

A weakness has been identified in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This impacts an unknown function of the file /index.php of the component SQL Handler. Executing a manipulation can lead to information exposure through error message. The attack may be...

CVE-2026-9628

A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/formPptpClientConfig of the component Web Management Interface. This manipulation of the argument PPTP server address/username/password/tunnel name causes stack-based buffer...

CVE-2026-9430

A vulnerability was determined in Tenda F1202 1.2.0.20408. Affected by this issue is the function formGstDhcpSetSer of the file /goform/GstDhcpSetSerof. Executing a manipulation of the argument dips can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit...

CVE-2026-8979 Authentication Bypass

The Mennekes Amtron series firmware versions ≤ 5.22.3 is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user account via a crafted POST request to the /operator/operator endpoint...

CVE-2026-45104

A flaw was found in MapServer. A remote attacker can exploit this vulnerability by sending a specially crafted Styled Layer Descriptor SLD via the Web Map Service WMS SLDBODY parameter. This can lead to a NULL pointer dereference, causing a Denial of Service DoS condition...

CVE-2026-9794

A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP Security Assertion Markup Language Enhanced Client or Proxy endpoint with varying client IDs. By observing distinct faultstrings in the...

CVE-2026-38702

A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target...

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the possibility for remote, unauthenticated attackers to send specially crafted SOAP requests to the SAML ECP endpoint. These requests are accompanied ...

Keycloak 缓冲区错误漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a buffer error vulnerability, which originates from the ClientRegistrationAuth component. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST...

PT-2026-44528

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 23.4.0 through 23.26.2 Description An issue exists in the Net Service component of Oracle Database Server. An unauthenticated attacker with network access via TLS can exploit this flaw to compromise the Net...

PT-2026-44595

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue in Base allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free is a memory corruption flaw that occurs whe...

CVE-2026-45991

A flaw was found in the Linux kernel's Universal Disk Format UDF filesystem. A remote attacker could exploit this vulnerability by tricking a user into mounting a specially crafted UDF image containing repeated partition descriptors. This could lead to a heap out-of-bounds write, potentially...

CVE-2026-46024

A flaw was found in the Linux kernel's libceph component. A remote attacker could send a specially crafted authentication reply message to trigger a null pointer dereference. This vulnerability can lead to a system crash, resulting in a Denial of Service DoS for affected systems. Mitigation To...

CVE-2026-47202

Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnerability is fixed in 0.9.0.2...