Gogs <= 0.13.3 - Remote Code Execution

Gogs self-hosted Git service versions 0.13.3 and earlier contain a critical symlink bypass vulnerability that circumvents the fix for CVE-2024-55947. Authenticated users can exploit improper symbolic link handling in the PutContents API to overwrite files outside the repository by committing a...

Linux Distros Unpatched Vulnerability : CVE-2026-49342

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the...

Linux Distros Unpatched Vulnerability : CVE-2026-49346

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit...

Linux Distros Unpatched Vulnerability : CVE-2026-49337

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes...

Linux Distros Unpatched Vulnerability : CVE-2026-49271

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offse...

Linux Distros Unpatched Vulnerability : CVE-2026-56407

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen. CVE-2026-56407 Note that Nessus relies on the...

Linux Distros Unpatched Vulnerability : CVE-2026-55203

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as...

Linux Distros Unpatched Vulnerability : CVE-2026-55202

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to...

Linux Distros Unpatched Vulnerability : CVE-2026-48931

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerability affects al...

Linux Distros Unpatched Vulnerability : CVE-2026-22551

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs witho...

Linux Distros Unpatched Vulnerability : CVE-2026-55392

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift...

Linux Distros Unpatched Vulnerability : CVE-2026-48619

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This...

Linux Distros Unpatched Vulnerability : CVE-2026-42530

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticate...

Linux Distros Unpatched Vulnerability : CVE-2026-48821

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting XSS vulnerability in the Thumbnail Synchronizer...

Linux Distros Unpatched Vulnerability : CVE-2026-48933

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js WebCrypto implementation can crash the process if the input of subtle.encrypt is a multiple of 2GiB. This vulnerability affects all supported...

Linux Distros Unpatched Vulnerability : CVE-2025-15661

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a...

Linux Distros Unpatched Vulnerability : CVE-2026-56132

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there i...

Linux Distros Unpatched Vulnerability : CVE-2026-48930

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings...

Linux Distros Unpatched Vulnerability : CVE-2026-48818

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows CVE-2026-48818 Note that Nessus relies on the presence of the package as...

Linux Distros Unpatched Vulnerability : CVE-2026-55766

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - php-guzzlehttp-psr7 - None CVE-2026-55766 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C...