RHEL 9 : kernel-rt (RHSA-2026:27706)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27706 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements...
Linux Distros Unpatched Vulnerability : CVE-2026-10601
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path...
RHEL 9 : poppler (RHSA-2026:27723)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27723 advisory. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fixes: poppler: Integer overflow in Poppl...
Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1866)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1866 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: fix end-of-list detection in cgroup_storage_get_next_key (CVE-2026-45838). In the Linux kernel, the following vulnerability ha...
RHEL 10 : kernel (RHSA-2026:27709)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27709 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/sched: act_pedit: extend the...
Amazon Linux 2023 : python3-mako (ALAS2023-2026-1846)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1846 advisory. Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an...
RHEL 9 : vim (RHSA-2026:28050)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28050 advisory. Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox...
Amazon Linux 2 : containerd, --advisory ALAS2NITRO-ENCLAVES-2026-111 (ALASNITRO-ENCLAVES-2026-111)
The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-111 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-256...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-107 (ALASKERNEL-5.15-2026-107)
The version of kernel installed on the remote host is prior to 5.15.209-147.245. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2026-107 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2026-1882)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1882 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: mm: fix VA-range sanity check CVE-2023-53989 In the Linux kernel, the following vulnerability has been resolved:...
📄 Worksnaps.net Worksnaps Hardcoded Root Cloud Credentials
Silver Leaf Technologies - Worksnaps.net Worksnaps suffers from a hardcoded credential vulnerability. Several application binaries contained hardcoded credentials, such as AWS access keys and S3 bucket names, which granted access to the production environment. Those hardcoded AWS cloud credential...
📄 Sprecher Automation SPRECON-E-C/-E-P/-E-T3 Missing Secure-Boot / Static Passwords
Sprecher Automation SPRECON-E-C/-E-P/-E-T3 leaks the firmware signing private key, is missing a secure-boot mechanism, has unencrypted flash memory, uses static passwords, and has hard-coded vendor accounts. SEC Consult Vulnerability Lab Security Advisory...
📄 PHP 8.5.7 levenshtein() Signed-Integer Overflow
The levenshtein function calculates the Levenshtein distance between two strings, optionally accepting custom costs for insertion, replacement, and deletion operations. In PHP version 8.5.7, the implementation lacks proper bounds checking for these cost parameters. PHP 8.5.7 levenshtein...
📄 PHP 8.5.7 FILTER_SANITIZE_ENCODED Uninitialized Read
PHP version 8.5.7 suffers from an uninitialized read issue that does not appear immediately useful for any sort of exploitation. PHP 8.5.7 FILTER_SANITIZE_ENCODED uninitialized read Author: Khashayar Fereidani Disclosure Date: 2026-06-18 Advisory:...
RHEL 10 : openssl-fips-provider (RHSA-2026:27745)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27745 advisory. This package provides a custom build of the OpenSSL FIPS module that has been submitted to NIST for certification. Security Fixes: openssl: openssl...
📄 PHP 8.5.7 mb_substr() Underflow
PHP version 8.5.7 suffers from an underflow condition that can be exploited to trigger a denial of service condition. PHP 8.5.7 mb_substr 'SJIS-mac' size_t underflow Author: Khashayar Fereidani Disclosure Date: 2026-06-18 Advisory: https://fereidani.com/php-857-mbsubstr-sjis-mac-sizet-underflow Contact:...
📄 OpenBSD sppp_pap_input PAP Authentication Bypass
OpenBSD suffers from a PAP authentication bypass vulnerability via a zero-length bcmp. All versions through 7.6 are affected. OpenBSD sppp_pap_input: PAP Authentication Bypass via Zero-Length bcmp...
📄 PHP 8.5.7 dom_xml_serialization_algorithm() Stack Overflow
PHP version 8.5.7 suffers from a stack overflow vulnerability due to unbounded recursion in dom_xml_serialization_algorithm and dom_xml_serialize_element_node. PHP 8.5.7 dom_xml_serialization_algorithm stack-overflow Author: Khashayar Fereidani Disclosure Date: 2026-06-18 Advisory:...
Malicious code in hyperpure-core (npm)
Source: amazon-inspector 47dd43b980c7b5e3230ee57e6974d40804e54997ed88877ced301402dbcdef4c. Package impersonates a Zomato internal namespace (name hyperpure-core, repository URL pointing to github.com/zomato/hyperpure-core) while shipping a...
MAL-2026-6250 Malicious code in hyperpure-core (npm)
Source: amazon-inspector 47dd43b980c7b5e3230ee57e6974d40804e54997ed88877ced301402dbcdef4c. Package impersonates a Zomato internal namespace (name hyperpure-core, repository URL pointing to github.com/zomato/hyperpure-core) while shipping a...