TinaCMS - Path Traversal
TinaCMS CLI 2.1.8 contains a file system read vulnerability caused by disabled Vite server.fs.strict setting, letting unauthenticated attackers read arbitrary files on the host system, exploit requires access to the dev server. id: CVE-2026-29066 info: name: TinaCMS - Path Traversal author:...
ROOT-OS-UBUNTU-2404-CVE-2026-53157 CVE-2026-53157 in rootio-linux - Patched by Root
Root has patched CVE-2026-53157 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
CVE-2026-33636 vulnerabilities
Vulnerabilities for packages: libpng...
CVE-2026-8970 vulnerabilities
Vulnerabilities for packages: firefox...
ROOT-OS-UBUNTU-2204-CVE-2026-45956 CVE-2026-45956 in rootio-linux - Patched by Root
Root has patched CVE-2026-45956 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2026-43309 CVE-2026-43309 in rootio-linux - Patched by Root
Root has patched CVE-2026-43309 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
RHEL 8 : ruby:3.3 (RHSA-2026:33515)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:33515 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
RHEL 9 : osbuild-composer (RHSA-2026:32991)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:32991 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for...
RHSA-2026:25245 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Bulletin has no description...
DEBIAN-CVE-2026-48618
A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...
Oracle Linux 9 : python3.14-urllib3 (ELSA-2026-28157)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-28157 advisory. - Security fix for CVE-2026-44431 and CVE-2026-44432 Tenable has extracted the preceding description block directly from the Oracle Linux security...
Oracle Linux 9 : openssl (ELSA-2026-25239)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-25239 advisory. - Fix CVE-2026-7383, CVE-2026-9076, CVE-2026-34180, CVE-2026-34181, CVE-2026-34183, CVE-2026-42764, CVE-2026-42766, CVE-2026-42767, CVE-2026-42768,...
DEBIAN-CVE-2026-53236
In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SO_ATTACH_FILTER to priv users This patch restricts the use of SO_ATTACH_FILTER cBPF on TCP sockets to users with CAP_NET_ADMIN capability. This blocks potential side-channel attack where an unprivileged application...
DEBIAN-CVE-2026-53185
In the Linux kernel, the following vulnerability has been resolved: zram: fix use-after-free in zram_bvec_write_partial zram_read_page picks the sync or async backing device read path based on whether the parent bio is NULL. zram_bvec_write_partial passes its parent bio down, so for ZRAM_WB slots the read...
Oracle Linux 9 : hplip (ELSA-2026-26297)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-26297 advisory. - OSH fixes after CVE-2026-8631 - CVE-2026-8631 hplip: HPLIP: Arbitrary code execution and privilege escalation via integer overflow in hpcups Tenable...
Oracle Linux 9 : libsndfile (ELSA-2026-19610)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19610 advisory. 1.0.32-9.1 - apply patch for CVE-2026-37555 Resolves: RHEL-174543 Tenable has extracted the preceding description block directly from the Oracle Linux securit...
RHEL 9 : nginx:1.24 (RHSA-2026:28212)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28212 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
RockyLinux 9 : nginx:1.24 (RLSA-2026:28212)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:28212 advisory. nginx: ngx_http_rewrite_module: code execution and denial of service CVE-2026-9256 Tenable has extracted the preceding description block directly from the RockyLinu...
AlmaLinux 9 : skopeo (ALSA-2026:28074)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:28074 advisory. crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation CVE-2026-32281 crypto/tls: golang: Go crypto/tls:...
EUVD-2026-38248
Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to enforce bot-specific permission checks on the user active status endpoint, which allows a User Manager with user management write access but no Integrations access to deactivate bot accounts via the PUT /api/v4/users/id/active API...