Linux Distros Unpatched Vulnerability : CVE-2026-8213

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the...

RockyLinux 9 : grafana-pcp (RLSA-2026:19184)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19184 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the RockyLinux...

Fedora 43 : firefox / nss (2026-cd20332935)

The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-cd20332935 advisory. Update NSS to 3.123.1 Update to Firefox 151.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

CVE-2026-6365 Drupal core - Critical - Cross-site scripting - SA-CORE-2026-001

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

CVE-2026-6365

CVE-2026-6365 is an XSS vulnerability in Drupal core caused by improper neutralization of input during web page generation. Affects Drupal core versions: 8.0.0–before 10.5.9, 10.6.0–before 10.6.7, 11.0.0–before 11.2.11, 11.3.0–before 11.3.7. The issue relates to Drupal core’s jQuery integration f...

CVE-2026-36827

A command injection vulnerability exists in Panabit PAP-XM320 up to and including V7.7. The web management interface invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters to it. The helper performs unsafe argument processing using eval, which allows command injection...

go-git: Improper single-quote escaping in go-git SSH transport

Impact go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. This diverges from canonical Git, which shell-quotes the path through sqquotebuf so that an embedded ' becomes the '''...

Server-side Request Forgery (SSRF)

Overview @haxtheweb/open-apis is a Shared API infrastructure for HAXTheWeb advanced capabilities like importing, parsing, analysis, migration Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper hostname validation in the cacheAddress, JOSHelpers, and...

Advisory ROSA-SA-2026-3278

software: curl 8.7.1 OS: ROSA-CHROME unaffected versions = curl-8.7.1-7 affected versions curl-8.7.1-7 CVE-ID: CVE-2026-3784 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in curl involves incorrectly reusing an existing HTTP proxy connection CONNECT when making requests with different...

CVE-2026-44159 Tyler Identity Local (TID-L) default administrative credentials

Tyler Identity Local TID-L uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since December 2020, and has not been supported since 2021...

EUVD-2026-30937

Tyler Identity Local TID-L uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since December 2020, and has not been supported since 2021...

CVE-2026-44159

Tyler Identity Local TID-L uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since December 2020, and has not been supported since 2021...

CVE-2026-47323 Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering

Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http only...

CVE-2026-31909

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

EUVD-2026-30868

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

CLSA-2026-1779180310 kernel: Fix of CVE-2026-46333

ptrace: require CAPSYSPTRACE when task has no mm CVE-2026-46333...

Security update for xen

This update for xen fixes the following issue CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264066. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...

ScadaBR

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to perform unauthenticated remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network...

Fedora 43 : rust-tealdeer (2026-95cc69e19a)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-95cc69e19a advisory. Rebuild with version 0.10.79 of the openssl crate which includes fixes for the following security issues: - CVE-2026-41676 / GHSA-pqf5-4pqq-29f5 -...

PT-2026-41959

Name of the Vulnerable Software and Affected Versions go-git versions prior to v5 Description A path validation issue allows crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. This occurs because the software drifted from...