CVE-2026-28906
This issue was addressed through improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An attacker may be able to track users through their IP address...
libXpm vulnerable to out-of-bounds read
Overview libXpm provided by X.Org Foundation incorrectly handles malformed XPM files, leading to an out-of-bounds read vulnerability. Out-of-bounds read CWE-125 - CVE-2026-4367 Naoki Wakamatsu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
Unity Linux 20.1060e / 20.1070e Security Update: curl (UTSA-2026-017504)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017504 advisory. curl 7.1.1 to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor by leaking credentials in the HTTP Referer:...
OESA-2026-2261 hdf5 security update
HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...
[SECURITY] Fedora 43 Update: nodejs22-22.22.2-2.fc43
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed...
Fedora 43 : perl-Starman (2026-b94aad33a5)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b94aad33a5 advisory. Starman versions before 0.4018 for Perl allow HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes Content-Length over...
Important: Red Hat Security Advisory: RHACS 4.10.2 security and bug fix update
Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...
bubblewrap-0.11.2-1.1 on GA media (moderate)
bubblewrap-0.11.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10671-1 Rating: moderate Cross-References: CVE-2026-41163 CVSS scores: CVE-2026-41163 SUSE : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-41163 SUSE : 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N...
PT-2026-38198
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description Insufficient validation of untrusted input in Cast allows an attacker on the local network segment to bypass the same origin policy via malicious network traffic. The same origin policy...
PT-2026-38174
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description An out of bounds read in Codecs allows a remote attacker to obtain potentially sensitive information from process memory by using a malicious file. An out of bounds read occurs when a...
PT-2026-36908
Name of the Vulnerable Software and Affected Versions Postfix versions prior to 3.8.16 Postfix versions 3.9 prior to 3.9.10 Postfix versions 3.10 prior to 3.10.9 Description A buffer over-read can occur, potentially leading to a process crash, when an enhanced status code is used that lacks text...
Debian dsa-6239 : chromium - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6239 advisory. Debian Security Advisory DSA-6239-1...
PT-2026-36537
Name of the Vulnerable Software and Affected Versions libModSecurity3 versions prior to 3.0.15 Description A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a single character. This allows an attacker to crash worker processe...
Medium: tomcat-native
Issue Overview: CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115;...
Fedora 44 : mapserver (2026-b5a2da2c73)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b5a2da2c73 advisory. Update to mapserver 8.6.1. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has no...
[SECURITY] Fedora 42 Update: python3-docs-3.13.13-1.fc42
The python3-docs package contains documentation on the Python 3 programming language and interpreter...
CVE-2026-28525
SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoosemultipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing...
Multiple vulnerabilities in LogonTracer
Overview LogonTracer provided by Japan Computer Emergency Response Team Coordination Center JPCERT/CC is a tool to investigate malicious Windows logons by visualizing and analyzing Windows event logs. LogonTracer contains multiple vulnerabilities listed below. OS command injection CWE-78 -...
Fedora 42 : pie (2026-3b2063832d)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3b2063832d advisory. Version 1.4.1 - Update bundled Composer to 2.9.7 ---- Version 1.4.0 New features! - Prompt to install missing system dependencies - Prompt to install build...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011076)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011076 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ena: fix shift-out-of-bounds in exponential backoff The ENA adapters on our instances...