114 matches found
Fedora 44 : kubernetes1.33 (2026-da02662d41)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-da02662d41 advisory. - Update to release 1.33.13 - Resolves: rhbz2467604 - Upstream fix Tenable has extracted the preceding description block directly from the Fedora security...
Astra Linux – Vulnerability in glibc
The mqnotify function in the GNU C Library also known as glibc versions 2.32 and 2.33 has a use-after-free vulnerability. It may access the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, resulting in a denial of service...
Fedora 45 : kubernetes1.33 (2026-05251d4863)
The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-05251d4863 advisory. Automatic update for kubernetes1.33-1.33.13-1.fc45. Changelog Fri Jun 12 2026 Bradley G Smith - 1.33.13-1 - Update to release 1.33.13 - Resolves: rhbz2467604...
EulerOS Virtualization 2.13.1 : python-requests (EulerOS-SA-2026-2388)
According to the versions of the python-requests packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a...
[SECURITY] Fedora 43 Update: nextcloud-33.0.4-1.fc43
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
Advisory ROSA-SA-2026-3306
Component: PHP 7.4.33 OS: ROSA-CHROME Affected versions: = php-7.4.33-13 Affected versions: php-7.4.33-13 CVE-ID: CVE-2024-5458 BDU-ID: 2024-04846 CVE-Crit: Medium CVE-DESCRIPTION: The vulnerability in the filtervar function of the PHP interpreter involves insufficient validation of data...
Nextcloud Teams 安全漏洞
NextCloud Teams is an open-source team collaboration and group management tool developed by NextCloud. There were security vulnerabilities in versions of NextCloud Teams from 32.0.0 to 32.0.7, and from 33.0.0 to 33.0.1. These vulnerabilities stemmed from the absence of API-level access checks,...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop through the Avro Decoder process. An attacker can exhaust CPU resources by providing a specially crafted payload with a large block-count value, causing the decoder to perform excessive iterations before propagating an...
EUVD-2026-33444
iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is 64-bit on amd64 ...
CVE-2026-46385
Summary (CVE-2026-46385) iskorotkov/avro’s Go Avro decoder can trigger remote, unauthenticated CPU exhaustion by looping up to math.MaxInt64 iterations when decoding large attacker-controlled block counts, because inner loops did not check the reader’s error state after each decode. Affected: git...
CVE-2026-44516
Valtimo is an open-source business process automation platform. From 12.4.0 to 12.33.0 and 13.26.0, the LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and response headers...
Portainer's Kubernetes middleware continues after token validation failure, bypassing endpoint authorization
Summary Portainer proxies requests to Kubernetes clusters through a middleware layer kubeClientMiddleware that validates the requesting user's token before forwarding traffic to the cluster. When security.RetrieveTokenData returned an error, the middleware wrote an HTTP 403 response but was missi...
UBUNTU-CVE-2026-42580
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final...
CVE-2026-42887
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting XSS vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with administrative privileges c...
Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017737)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017737 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily...
CTT-enhanced-Dirty-Frag-exploit
CTT-enhanced-Dirty-Frag-exploit CTT Version: Dirty Frag — Univ...
PT-2026-33255
In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...
MINI-QV48-33V3-CP6H
Bulletin has no description...
CVE-2026-30844
Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery SSRF via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or...
WordPress Media Library Assistant plugin <= 3.33 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Taxonomy Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Attachment Taxonomy Modification vulnerability discovered by Muhammad Sharief in WordPress Plugin Media LIbrary Assistant versions = 3.33...