PT-2026-50543
Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting (XSS) vulnerability in the Thumbnail Synchronizer feature. When an administrator runs the thumbnail update process, malicious bookmark titles are returned via an AJAX response and inserted...
PT-2026-50527
libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server ca...
Linux Distros Unpatched Vulnerability : CVE-2026-12442
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page...
Linux Distros Unpatched Vulnerability : CVE-2026-12462
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to execute arbitrary code...
Linux Distros Unpatched Vulnerability : CVE-2026-12467
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform ...
Linux Distros Unpatched Vulnerability : CVE-2026-12447
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML...
Linux Distros Unpatched Vulnerability : CVE-2026-12443
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page...
Linux Distros Unpatched Vulnerability : CVE-2026-12461
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in WebRTC. (CVE-2026-12461) Note that Nessus relies on the presence of the package as reported by the vendor.
Linux Distros Unpatched Vulnerability : CVE-2026-12445
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to potentially...
RockyLinux 8 : libxslt (RLSA-2026:26355)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26355 advisory. libxslt: use-after-free with key data stored cross-RVT (CVE-2025-10911) Tenable has extracted the preceding description block directly from the RockyLinux security...
RockyLinux 8 : libpng12 (RLSA-2026:26348)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26348 advisory. libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416) Tenable has extracted the preceding description block directly from t...
Linux Distros Unpatched Vulnerability : CVE-2026-12292
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird...
Linux Distros Unpatched Vulnerability : CVE-2026-12311
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbi...
Linux Distros Unpatched Vulnerability : CVE-2026-12303
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
ImageMagick < 6.9.13-49 / 7.x < 7.1.2-24 Multiple Vulnerabilities
The remote host has a version of ImageMagick installed that is prior to 6.9.13-49 or 7.x prior to 7.1.2-24. It is, therefore, affected by multiple vulnerabilities: - A crafted MVG file could result in a stack overflow due to a missing depth or visited-set check. (CVE-2026-48734) - An infinite loop ...
Linux Distros Unpatched Vulnerability : CVE-2026-12317
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152. (CVE-2026-12317) Note that Nessus relies on the...
Drupal core - Less critical - Cache poisoning and open redirect - SA-CORE-2026-007
Drupal core ships a rebuild.php front controller that can be used to rebuild Drupal (clearing the caches and rebuilding the container) when the site is in an unexpected condition. This script doesn't correctly check the Host header against the list of trusted host patterns. This could result in cac...
PUFFERDOS: Efficient and Effective Attack String Generation for Regular Expression Denial of Service Vulnerabilities
ReDoS attacks constitute a critical class of resource-exhaustion vulnerabilities. In such attacks, adversaries exploit the pathological worst-case execution behavior of regular expression (regex) engines to induce highly asymmetric computational workloads, ultimately exhausting system resources and...
PT-2026-50557
Name of the Vulnerable Software and Affected Versions: marimo versions prior to 0.23.9. Description: A reflected cross-site scripting issue exists in the notebook page. Unauthenticated attackers can inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query...
PT-2026-50556
Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management.Endpoint prior to version 4.2.0 and Steeltoe.Management.EndpointCore prior to version 3.4.0, the Sanitizer component in the Environment actuator...