3891 matches found

Cvelist
added 2026/06/10 1:59 p.m. | 33 views

CVE-2026-45549 Roxy-WI: Authorization bypass on POST /smon/agent/action/<action> — guest can stop or restart smon-agent on any host

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agentaction app/routes/smon/agentroutes.py:166-179 has decorators @bp.post'/agent/action/' and @jwtrequired only — no role check, no group ownership check on the serverip form...

8.5 CVSS | 0.00199 EPSS
Exploits: 0 | References: 1
CNNVD
added 2026/06/10 12:0 a.m. | 12 views

Roxy-WI security vulnerability

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Roxy-WI versions 8.2.6.4 and earlier contain security vulnerabilities. These vulnerabilities stem from a lack of role checks and group ownership checks on the agentaction endpoint. Any...

8.5 CVSS | 5.3 AI score | 0.00199 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2026/06/10 12:0 a.m. | 6 views

EulerOS 2.0 SP13 : systemd (EulerOS-SA-2026-2315)

According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file. CVE-2026-40226 A flaw was...

6.7 CVSS | 5.9 AI score | 0.00142 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2026/06/10 12:0 a.m. | 7 views

EulerOS 2.0 SP13 : systemd (EulerOS-SA-2026-2358)

According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file. CVE-2026-40226 A flaw was...

6.7 CVSS | 5.9 AI score | 0.00142 EPSS
Exploits: 0 | References: 4
OSV
added 2026/06/09 7:34 p.m. | 10 views

PYSEC-2026-207 durabletask 1.4.1, 1.4.2, and 1.4.3 contain malicious code distributed via a compromised maintainer account

durabletask versions 1.4.1, 1.4.2, and 1.4.3 were published on 2026-05-19 within a 35-minute window through a compromised PyPI maintainer account and contained malicious code. On import, the package fetched a remote payload rope.pyz from an attacker-controlled host and executed it. The payload wa...

5.5 AI score
Exploits: 0 | References: 7
Tenable Nessus
added 2026/06/09 12:0 a.m. | 8 views

EulerOS 2.0 SP11 : systemd (EulerOS-SA-2026-2266)

According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data...

6.7 CVSS | 6 AI score | 0.00142 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2026/06/09 12:0 a.m. | 6 views

EulerOS 2.0 SP11 : systemd (EulerOS-SA-2026-2229)

According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data...

6.7 CVSS | 6 AI score | 0.00142 EPSS
Exploits: 0 | References: 3
OSV
added 2026/06/08 1:17 p.m. | 9 views

USN-8402-1 systemd vulnerabilities

It was discovered that systemd-nspawn incorrectly handled certain optional configuration files. A local attacker could possibly use this issue to escape to the host system and execute arbitrary code. CVE-2026-40226 It was discovered that systemd-resolved incorrectly validated DNSSEC records for...

6.4 CVSS | 6.9 AI score | 0.00849 EPSS
Exploits: 0 | References: 3
Ubuntu
added 2026/06/08 1:17 p.m. | 10 views

USN-8402-1: systemd vulnerabilities

It was discovered that systemd-nspawn incorrectly handled certain optional configuration files. A local attacker could possibly use this issue to escape to the host system and execute arbitrary code. CVE-2026-40226 It was discovered that systemd-resolved incorrectly validated DNSSEC records for...

6.4 CVSS | 6.9 AI score | 0.00849 EPSS
Exploits: 0
OSV
added 2026/06/05 3:48 p.m. | 6 views

OESA-2026-2548 systemd security update

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. Security Fixes: In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output. CVE-2026-40225...

6.4 CVSS | 5.7 AI score | 0.00144 EPSS
Exploits: 0 | References: 2
CBLMariner
added 2026/06/05 12:59 p.m. | 5 views

CVE-2026-40225 affecting package systemd for versions less than 255-30

CVE-2026-40225 affecting package systemd for versions less than 255-30. A patched version of the package is available...

6.4 CVSS | 5.4 AI score | 0.00144 EPSS
Exploits: 0
CBLMariner
added 2026/06/05 12:59 p.m. | 7 views

CVE-2026-40226 affecting package systemd for versions less than 255-30

CVE-2026-40226 affecting package systemd for versions less than 255-30. A patched version of the package is available...

6.4 CVSS | 5.4 AI score | 0.00072 EPSS
Exploits: 0
OSV
added 2026/06/04 12:57 p.m. | 7 views

SUSE-SU-2026:22069-1 Security update for rpcbind

This update for rpcbind fixes the following issues Update to rpcbind 1.2.9: Security issue: - Fix several memory leaks and buffer overflows bsc1267212. Non security issue: - rpcbind fails to start tumbleweed snapshot 20181120 bsc1117217. Changes: rpcinfo: stack buffer overflow in rpcinfo...

5.8 AI score
Exploits: 0 | References: 3
Positive Technologies
added 2026/06/04 12:0 a.m. | 9 views

PT-2026-49132

This update for rpcbind fixes the following issues Update to rpcbind 1.2.9: Security issue: - Fix several memory leaks and buffer overflows bsc1267212. Non security issue: - rpcbind fails to start tumbleweed snapshot 20181120 bsc1117217. Changes: rpcinfo: stack buffer overflow in rpcinfo...

5.7 AI score
Exploits: 0 | References: 4
Tenable Nessus
added 2026/06/04 12:0 a.m. | 20 views

Fedora 45 : systemd (2026-4280f7beb8)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4280f7beb8 advisory. Automatic update for systemd-261rc3-1.fc45. Changelog Thu Jun 4 2026 Zbigniew Jędrzejewski-Szmek - 261rc3-1 - Version 261rc3 - Various smaller and larger fixe...

5.6 AI score
Exploits: 0 | References: 1
SUSE Linux
added 2026/06/03 2:10 p.m. | 8 views

Security update 5.0.8 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: Security Fixes: CVE-2022-21698: Fixed denial of service using InstrumentHandlerCounter bsc1248707 golang-github-prometheus-nodeexporter: Backward Compatibility and packaging changes: Added compatibility for Go...

9.1 CVSS | 8 AI score | 0.05994 EPSS
Exploits: 2 | References: 88
Tenable Nessus
added 2026/06/03 12:0 a.m. | 9 views

RockyLinux 10 : systemd (RLSA-2026:18153)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18153 advisory. systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump CVE-2025-4598 Tenable has...

4.7 CVSS | 6.4 AI score | 0.00641 EPSS
Exploits: 1 | References: 3
Tenable Nessus
added 2026/06/03 12:0 a.m. | 13 views

RockyLinux 9 : systemd (RLSA-2026:19213)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19213 advisory. systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data CVE-2026-29111 Tenable has extracted the preceding description blo...

5.5 CVSS | 6.3 AI score | 0.00121 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2026/06/03 12:0 a.m. | 13 views

RockyLinux 10 : systemd (RLSA-2026:19068)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19068 advisory. systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data CVE-2026-29111 Tenable has extracted the preceding description...

5.5 CVSS | 6.3 AI score | 0.00121 EPSS
Exploits: 0 | References: 3
OSV
added 2026/06/02 6:3 p.m. | 22 views

RLSA-2026:19213 Moderate: systemd security update

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...

7.8 CVSS | 6.2 AI score | 0.00121 EPSS
Exploits: 0 | References: 2