Linux Distros Unpatched Vulnerability : CVE-2026-54055

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protoc...

Photon OS 4.0: Python3 PHSA-2026-4.0-1032

An update of the python3 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1032. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 5.0: Zlib PHSA-2026-5.0-0874

An update of the zlib package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0874. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVE-2026-53831

OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-loca...

CVE-2026-41158

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed...

CVE-2026-12131

A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \application\controllers\Payroll.php of the component Payroll Invoice Module. This manipulation of the argument ID causes sql injection. Remote exploitatio...

CVE-2026-41158

Summary of CVE-2026-41158: The vulnerability concerns GPU DDK where backed sparse PMRs are not handled by the deferred free mechanism after shrink, allowing a non-privileged user to perform GPU system calls that write to arbitrarily freed physical pages. The root cause is that physical memory all...

CVE-2026-53831 OpenClaw < 2026.5.18 - Arbitrary File Read via Shell Expansion in system.run Safe-bin Allowlist

OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-loca...

CVE-2026-53831

OpenClaw

CVE-2026-12131 CodeAstro Human Resource Management System Payroll Invoice Payroll.php sql injection

A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \application\controllers\Payroll.php of the component Payroll Invoice Module. This manipulation of the argument ID causes sql injection. Remote exploitatio...

CVE-2026-12131 CodeAstro Human Resource Management System Payroll Invoice Payroll.php sql injection

A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \application\controllers\Payroll.php of the component Payroll Invoice Module. This manipulation of the argument ID causes sql injection. Remote exploitatio...

EUVD-2026-36588

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an authenticated Nezha dashboard user can create or update a DDNS profile with provider webhook and configure an arbitrary webhookurl, HTTP method, request...

EUVD-2026-36574

ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of sanitize-html prior to 2.17.5 use allowedSchemesAppliedToAttributes default: 'href', 'src', 'cite' to gate the naughtyHref function that blocks...

CVE-2026-12130 CodeAstro Human Resource Management System Projects Management Add_Projects cross site scripting

A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/AddProjects of the component Projects Management Page. The manipulation of the argument protitle results in cross site scripting. The attack may be launched...

EUVD-2026-36569

A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/AddProjects of the component Projects Management Page. The manipulation of the argument protitle results in cross site scripting. The attack may be launched...

CVE-2026-12129 CodeAstro Human Resource Management System Dashboard add_tod cross site scripting

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/addtod of the component Dashboard Interface. The manipulation of the argument tododata leads to cross site scripting. The attack may be...

CVE-2026-53407

Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...

EUVD-2026-35398

TYPO3 CMS: Broken Access Control in Media Module...

GHSA-CG75-QFG2-W9HJ TYPO3 CMS has Cross-Site Scripting in Indexed Search

Problem Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encodin...

Malicious code in flexitest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 17f4bae10d193f8128f50dd3010d283dc89016fa468fc8d9b428b5183c505b27 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...