GitLab 17.6 < 18.9.7 / 18.10 < 18.10.6 / 18.11 < 18.11.3 (CVE-2026-3073)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Authorization Bypass Through User-Controlled Key in GitLab CVE-2026-3073 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

PT-2026-41206

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the assistant update endpoint. This occurs when the server does not restrict which properties can be modified by the client, allowing user-controlled request bodies ...

Medium: python-tornado

Issue Overview: In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters. CVE-2026-35536 Affected Packages: python-tornado Note: This advisory is applicable to Amazon Linux...

Fedora 44 : firefox (2026-67917a57a3)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-67917a57a3 advisory. - Updated to latest upstream 150.0.3 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

Fedora 42 : krb5 (2026-6c99aaa6d3)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6c99aaa6d3 advisory. - Fix NegoEx parsing vulnerabilities CVE-2026-40355, CVE-2026-40356 Tenable has extracted the preceding description block directly from the Fedora...

Amazon Linux 2 : dnsmasq, --advisory ALAS2DNSMASQ-2026-003 (ALASDNSMASQ-2026-003)

The version of dnsmasq installed on the remote host is prior to 2.90-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DNSMASQ-2026-003 advisory. dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache...

CVE-2026-44425

ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the the name field of each filter property in the base64-encoded filter query parameter and the sortby query parameter, which are then passed directly as BSON/SQL keys in the...

EUVD-2026-30139

A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafana server...

CVE-2026-44424 ShellHub: Cross-tenant IDOR in `GET /api/devices/:uid` discloses device data of any namespace

ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller's namespace tenant. Any authenticated user JWT or API Key who knows or can guess a device UID...

CVE-2026-44425 ShellHub: Crash-DoS via field injection in filter and sort-by parameters

ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the the name field of each filter property in the base64-encoded filter query parameter and the sortby query parameter, which are then passed directly as BSON/SQL keys in the...

CVE-2026-8407

Missing authorization in the PAM module in Devolutions Server allows an authenticated user with a PAM license but no additional permissions to obtain OTP secret keys and recovery codes via crafted requests to PAM API endpoints. This issue affects the following versions : Devolutions Server...

CVE-2026-34647

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...

CVE-2026-33377

An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...

CVE-2026-28379

A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafana server...

CVE-2026-28376

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue...

Strapi: Password Reset Does Not Revoke Existing Refresh Sessions

Summary of CVE-2026-22706 Vulnerability Details - CVE: CVE-2026-22706 - CVSS v3.1 Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N 2.1 — Low - Affected Versions: @strapi/admin and @strapi/plugin-users-permissions =5.33.3 Description of CVE-2026-22706 In Strapi versions prio...

CVE-2026-28374 IDOR in Annotations API allows unprivileged users to DELETE annotation

Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations...

CVE-2026-33380 SQL Expressions Read File From Disk

A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...

CVE-2026-28379 Viewer-triggered race condition in Grafana Live leads to complete server crash

A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafana server...

EUVD-2026-30024

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Prevent interrupt storm on host controller error HCE The xHCI controller reports a Host Controller Error HCE in UAS Storage Device plug/unplug scenarios on Android devices. HCE is checked in xhciirq function and causes...