3059 matches found
CVE-2026-8597
Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle...
SUSE CVE-2026-42945
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression PCRE capture for example, $1, $2 with a replacement strin...
CVE-2026-8328
The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address getpeername0, ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...
CVE-2026-42945
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression PCRE capture for example, $1, $2 with a replacement strin...
CVE-2026-42945
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression PCRE capture for example, $1, $2 with a replacement strin...
CVE-2026-42174 Kirby: User avatar creation, replacement and deletion are not gated by user update permissions
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patched in versions 4.9.0 and 5.4.0...
CVE-2026-42174
Kirby CMS (CVE-2026-42174) is vulnerable prior to updates 4.9.0 and 5.4.0: user avatars could be created, replaced, or deleted without proper user.update/users.update permission checks. The root cause is missing authorization gating for avatar actions, allowing users with only file permissions to...
EUVD-2026-28759
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: fix stack out-of-bounds read in pipapodrop pipapodrop passes rulemapi + 1.n to pipapounmap as the tooffset argument on every iteration, including the last one where i == m-fieldcount - 1. This reads one...
PT-2026-38845
A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s EdDSA signing checks...
Hotfix update for Exchange Server Subscription Edition RTM HU6: May 7, 2026 (KB5081755)
Hotfix update for Exchange Server Subscription Edition RTM HU6: May 7, 2026 KB5081755 Hotfix Update HU 6 for Microsoft Exchange Server SE RTM was released on May 7, 2026. It includes fixes for non-security issues, and might introduce new features. These fixes and features will also be included in...
CVE-2026-43228
In the Linux kernel, the following vulnerability has been resolved: hfs: Replace BUGON with error handling for CNID count checks In a06ec283e125 nextid, foldercount, and filecount in the super block info were expanded to 64 bits, and BUGONs were added to detect overflow. This triggered an error...
CVE-2026-43172
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix 22000 series SMEM parsing If the firmware were to report three LMACs which doesn't exist in hardware then using "fwrt-smemcfg.lmac2" is an overrun of the array. Reject such and use IWLFWCHECK instead of WARNON ...
CVE-2026-43237 drm/amdgpu: Refactor amdgpu_gem_va_ioctl for Handling Last Fence Update and Timeline Management v4
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Refactor amdgpugemvaioctl for Handling Last Fence Update and Timeline Management v4 This commit simplifies the amdgpugemvaioctl function, key updates include: - Moved the logic for managing the last update fence...
PT-2026-37824
A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s EdDSA signing checks...
Linux Distros Unpatched Vulnerability : CVE-2026-43215
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cifs: Fix locking usage for tcon fields We used to use the cifstcpseslock to protect a lot of objects that are not just the server, ses or tcon lists. We later...
fence-agents security update
4.16.0-13.4 - bundled pyasn1: replace with dependency to fix CVE-2026-30922 - bundled PyJWT: upgrade to v2.12.1 to fix CVE-2026-32597 Resolves: RHEL-157186, RHEL-155667...
fence-agents security update
4.10.0-98.13 - bundled pyasn1: fix CVE-2026-30922 Resolves: RHEL-157201 4.10.0-98.12 - bundled cryptography: replace with dependency to fix CVE-2026-26007 - bundled PyJWT: upgrade to v2.12.1 to fix CVE-2026-32597 Resolves: RHEL-148436, RHEL-155675...
Oracle Linux 10 : fence-agents (ELSA-2026-13916)
The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-13916 advisory. - bundled pyasn1: replace with dependency to fix CVE-2026-30922 Tenable has extracted the preceding description block directly from the Oracle Linux...
CVE-2025-58074
A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges...
CVE-2026-6499
CVE-2026-6499 affects OpenConcerto 1.7.5. The issue is described as an Incorrect Permission Assignment for Critical Resource vulnerability that could allow Replace Binaries. CVSS v4.0 metrics: AV:L, AC:L, PR:L, UI:P, S:U, C:N/I:N/A:N with VU: none/low; base score 2.4 (LOW). Exploitation status is...