
728508 matches found

Tenable Nessus
added 5 days ago, 6 views

RHEL 9 : 389-ds-base (RHSA-2026:26464)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26464 advisory. 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server a...

CVSS 7.5, AI score 5.5, EPSS 0.00815
Exploits: 0, References: 4
Tenable Nessus
added 5 days ago, 6 views

RHEL 8 : redhat-ds:11 (RHSA-2026:26461)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26461 advisory. Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol (LDAP)...

CVSS 7.5, AI score 5.4, EPSS 0.00815
Exploits: 0, References: 4
Tenable Nessus
added 5 days ago, 3 views

RHEL 9 : kernel-rt (RHSA-2026:26462)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26462 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

CVSS 9.8, AI score 5.7, EPSS 0.00514
Exploits: 4, References: 44
Tenable Nessus
added 5 days ago, 4 views

RHEL 9 : kernel (RHSA-2026:26515)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26515 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net: use dstdevrcu in...

CVSS 9.8, AI score 5.9, EPSS 0.00514
Exploits: 4, References: 42
Tenable Nessus
added 5 days ago, 4 views

RHEL 8 : kernel (RHSA-2026:26563)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26563 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: geneve: Fix use-after-free in...

CVSS 9.8, AI score 7, EPSS 0.00469
Exploits: 4, References: 38
Tenable Nessus
added 5 days ago, 5 views

IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.29 (7276600)

The version of IBM WebSphere Application Server running on the remote host is affected by a vulnerability as referenced in the 7276600 advisory. - IBM WebSphere Application Server is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send...

AI score 5.5
Exploits: 0, References: 2
Tenable Nessus
added 5 days ago, 6 views

IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.29 / Liberty 17.0.0.3 < 26.0.0.7 (7276579)

The version of IBM WebSphere Application Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7276579 advisory. - IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling. A remote attacker could...

AI score 5.5
Exploits: 0, References: 4
Tenable Nessus
added 5 days ago, 8 views

IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.28 RCE (7276560)

The version of IBM WebSphere Application Server running on the remote host is affected by a remote code execution vulnerability as referenced in the 7276560 advisory. - IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, when using Intelligent Management with the...

AI score 6.4
Exploits: 0, References: 4
Tenable Nessus
added 5 days ago, 5 views

Ubuntu 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-8440-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8440-1 advisory. Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the...

CVSS 9.8, AI score 7.6, EPSS 0.94016
Exploits: 271, References: 394
Tenable Nessus
added 5 days ago, 5 views

IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.29 (7276597)

The version of IBM WebSphere Application Server running on the remote host is affected by a vulnerability as referenced in the 7276597 advisory. - IBM WebSphere Application Server could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications. CWE:...

AI score 5.5
Exploits: 0, References: 2
Tenable Nessus
added 5 days ago, 6 views

openSUSE 16 Security Update : trivy (openSUSE-SU-2026:20956-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20956-1 advisory. This update for trivy fixes the following issues: CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-42502, CVE-2026-42506:...

CVSS 10, AI score 5.5, EPSS 0.00565
Exploits: 0, References: 47
Packet Storm
added 5 days ago, 26 views

dedoc/scramble 0.13.2 Remote Code Execution

This is a Metasploit exploit module for CVE-2026-44262, an unauthenticated remote code execution vulnerability in the Laravel-based tool dedoc/scramble.

CVSS 9.4, AI score 6.2, EPSS 0.03715
Exploits: 3
Github Security Blog
added 6 days ago, 5 views

Pi Agent: Potential XSS in HTML session exports via Markdown URL sanitization bypass

Potential XSS in HTML session exports via Markdown URL handling. Pi HTML exports render session Markdown into a static HTML file. Affected versions did not consistently reject unsafe Markdown link and image URL schemes. In versions with scheme filtering, C0 control characters in the URL scheme cou...

AI score 5.2, EPSS 0.00019
Exploits: 0, References: 4, Affected Software: 2
OSV
added 6 days ago, 2 views

GHSA-7V5M-PR3Q-6453 Pi Agent: Potential XSS in HTML session exports via Markdown URL sanitization bypass

Potential XSS in HTML session exports via Markdown URL handling. Pi HTML exports render session Markdown into a static HTML file. Affected versions did not consistently reject unsafe Markdown link and image URL schemes. In versions with scheme filtering, C0 control characters in the URL scheme cou...

CVSS 2.5, AI score 5.3, EPSS 0.00019
Exploits: 0, References: 4
OSSF Malicious Packages
added 6 days ago, 3 views

Malicious code in speed4 (npm)

Source: amazon-inspector 979f38f25a707a09a4469b3dd0f24c603e2d9a195eaaa9b2a9ea3d84076dc9d0 [email protected] is part of a self-cloning namespace-squatting family. The tarball contains auto-publish.sh which sets BASE="speed", TOTAL=5, copies the...

AI score 5.3
Exploits: 0, References: 1
OSV
added 6 days ago, 2 views

MAL-2026-5938 Malicious code in speed4 (npm)

Source: amazon-inspector 979f38f25a707a09a4469b3dd0f24c603e2d9a195eaaa9b2a9ea3d84076dc9d0 [email protected] is part of a self-cloning namespace-squatting family. The tarball contains auto-publish.sh which sets BASE="speed", TOTAL=5, copies the...

AI score 5.3
Exploits: 0, References: 1
Github Security Blog
added 6 days ago, 5 views

Gogs: Overwriting critical files results in a denial of service

Vulnerability type: Path Traversal. Impact: DoS. Exploitation prerequisite: authorized user. Description: As an authorized user, an intruder can dictate the value which is passed to the git diff command which, together with bypassing the filtering of the passed value, allows the user to bypass the...

AI score 5.9, EPSS 0.00044
Exploits: 0, References: 2, Affected Software: 1
OSV
added 6 days ago, 4 views

GHSA-PM6V-2H4W-4RP2 Gogs: Overwriting critical files results in a denial of service

Vulnerability type: Path Traversal. Impact: DoS. Exploitation prerequisite: authorized user. Description: As an authorized user, an intruder can dictate the value which is passed to the git diff command which, together with bypassing the filtering of the passed value, allows the user to bypass the...

CVSS 8.5, AI score 5.9, EPSS 0.00044
Exploits: 0, References: 2
Github Security Blog
added 6 days ago, 7 views

Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix

Summary: `rclone rcd --rc-serve` accepts unauthenticated GET and HEAD requests to paths of the form: `/remote:path/object`. The remote value is parsed from the URL and passed to normal backend initialization. Inline remote configuration can set backend options that execute local commands during...

CVSS 9.8, AI score 6, EPSS 0.07119
Exploits: 1, References: 2, Affected Software: 1
OSV
added 6 days ago, 3 views

GHSA-QW24-GH76-8RVV Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix

Summary: `rclone rcd --rc-serve` accepts unauthenticated GET and HEAD requests to paths of the form: `/remote:path/object`. The remote value is parsed from the URL and passed to normal backend initialization. Inline remote configuration can set backend options that execute local commands during...

CVSS 9.8, AI score 6.1, EPSS 0.00371
Exploits: 0, References: 2