IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.29 RCE (7274733)

The version of IBM WebSphere Application Server running on the remote host is affected by a remote code execution vulnerability as referenced in the 7274733 advisory. - IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls...

Ubuntu 25.10 / 26.04 LTS : LibreOffice vulnerability (USN-8352-1)

The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8352-1 advisory. Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use thi...

PT-2026-45770

Name of the Vulnerable Software and Affected Versions VIVOTEK INC FD8136-VVTK-0300a affected versions not specified Description A buffer overflow allows a remote attacker to execute arbitrary code via the 'set getparam.cgi' component. A buffer overflow occurs when a program writes more data to a...

CVE-2026-35716

A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...

PT-2026-45783

Name of the Vulnerable Software and Affected Versions OpenMed versions prior to 1.5.2 Description Remote code execution is possible in the PII privacy-filter model loading path. The privacy-filter dispatcher uses broad substring matching on the user-supplied model name parameter, which allows a...

SUSE SLES15 Security Update : samba (SUSE-SU-2026:2108-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2108-1 advisory. This update for samba fixes the following issues - CVE-2026-2340: vfsworm does not block directory modification bsc1261158. -...

CVE-2026-30650

A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device...

CVE-2026-30649

CVE-2026-30649 reports a Buffer Overflow in VIVOTEK INC FD8136-VVTK-0300a, exploitable remotely via the set_getparam.cgi component. This vulnerability could allow an attacker to execute arbitrary code on affected devices. The CVE records list the vulnerable product (FD8136-VVTK-0300a) and the aff...

Linux Distros Unpatched Vulnerability : CVE-2026-42588

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ...

Important: samba security update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: group policy certificate enrollment uses without...

CVE-2026-30649

Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the setgetparam.cgi component...

PT-2026-45794

Name of the Vulnerable Software and Affected Versions Spacelabs Healthcare Sentinel versions 10.5.x and higher Spacelabs Healthcare Sentinel versions prior to 11.6.0 Description An unauthenticated remote code execution issue exists via a deprecated .NET Remoting HTTP channel exposed on port 8989...

PT-2026-45857

Name of the Vulnerable Software and Affected Versions BrowserStack Runner versions prior to 0.9.6 Description An issue in the / log HTTP handler allows unauthenticated network-adjacent attackers to execute arbitrary code on the host system. The handler processes JSON request bodies by passing...

Linux Distros Unpatched Vulnerability : CVE-2026-10118

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers ...

PT-2026-45765

A critical chain of vulnerabilities in the Collibra Platform Agent, including CVE-2026-26847 improper authentication and path traversal, allows remote, unauthenticated attackers to achieve Remote Code Execution RCE. Technical Breakdown: Vulnerability Chain: Attackers can exploit improperly...

TencentOS Server 2: glib2 (TSSA-2026:0420)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0420 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

VulnCheck KEV: CVE-2026-7465

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server...

EUVD-2026-33966

Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the setgetparam.cgi component...

Collibra Agent contains improper authentication and path traversal vulnerabilities

Overview The Collibra Platform Agent contains vulnerabilities that can be chained by a remote, unauthenticated attacker to achieve remote code execution. An attacker can exploit these issues by uploading a crafted ZIP archive that writes attacker-controlled files to arbitrary locations on the...

PT-2026-45834

Name of the Vulnerable Software and Affected Versions React Router versions 7.0.0 through 7.14.1 Description When using Framework Mode, a sequence of actions could allow unauthorized remote code execution RCE via external requests. This occurs if the application code already contains a prototype...