RockyLinux 8 : .NET 8.0 (RLSA-2026:8468)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:8468 advisory. dotnet: .NET: Security Bypass and Denial of Service Vulnerability CVE-2026-26171 dotnet: .NET: Denial of Service via stack overflow CVE-2026-32203 dotnet...

CVE-2026-5898 vulnerabilities

Vulnerabilities for packages: chromium...

GHSA-QG3C-XM7Q-9C4X vulnerabilities

Vulnerabilities for packages: chromium...

GHSA-VMW5-396H-99JH vulnerabilities

Vulnerabilities for packages: chromium...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007450)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007450 advisory. In the Linux kernel, the following vulnerability has been resolved: ubi: Fix use-after-free when volume resizing failed There is an use-after-free problem reported b...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007511)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007511 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-throttle: Set BIOTHROTTLED when bio has been throttled 1.In current process, all bio will set...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007240)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007240 advisory. In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arpreqget. syzkaller reported an overflown write in arpreqget. 0 When...

Weblate: Privilege escalation in the user API endpoint

Impact The user patching API endpoint didn't properly limit the scope of edits. Patches https://github.com/WeblateOrg/weblate/pull/18687 References Thanks to @tikket1 and @DavidCarliez for reporting this via GitHub. We received two individual reports for this...

Weblate: Authenticated SSRF via redirect bypass of ALLOWED_ASSET_DOMAINS in screenshot URL uploads

Impact The ALLOWEDASSETDOMAINS setting applied only to the first issued requests and didn't restrict possible redirects. Patches https://github.com/WeblateOrg/weblate/pull/18550 References This issue was reported by @spbavarva via GitHub...

Weblate: Improper access control for the translation memory in API

Impact The translation memory API exposed unintended endpoints, which in turn didn't do proper access control. Patches https://github.com/WeblateOrg/weblate/pull/18513 Workarounds Blocking access to /api/memory/ in the HTTP server removes access to this feature. References This issue was reported...

CVE-2026-6148

A vulnerability was detected in code-projects Vehicle Showroom Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /util/MonthTotalReportUpdateFunction.php. Performing a manipulation of the argument BRANCHID results in sql injection. The attack is possibl...

EUVD-2026-23239

Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...

CVE-2026-5785

Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...

CVE-2026-5785

Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...

CVE-2026-5785

The CVE-2026-5785 issue affects Zohocorp ManageEngine PAM360 (versions before 8531) and ManageEngine Password Manager Pro (versions 8600 to 13230). The vulnerability is an Authenticated SQL injection in the query report module, allowing an attacker with LOW privileges and no user interaction to t...

CVE-2026-5785 SQL Injection

Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...

CVE-2026-5785 SQL Injection

Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...

GHSA-XM5M-WGH2-RRG3 vulnerabilities

Vulnerabilities for packages: image-factory, kyverno-policy-reporter-plugins-kyverno, tekton-chains, cloudbeat, kyverno-notation-aws-fips, sigstore-scaffolding, witness, ko-fips, kubescape-server-fips, trivy-operator, trivy-fips, cosign, flux-source-controller, kyverno, cosign-fips, vexctl,...

MAL-2026-2760 Malicious code in f0-email-verification (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f1be0fb20c0bda97570f04e023025da0e132b6f20c647025acbbaaad2916722 The package f0-email-verification was found to contain malicious code...

CVE-2026-40947

creationtimestamp| type| source ---|---|--- 2026-04-16 02:03:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjlcy6tbfd2w...