48515 matches found
Gogs <= 0.13.3 - Remote Code Execution
Gogs self-hosted Git service versions 0.13.3 and earlier contain a critical symlink bypass vulnerability that circumvents the fix for CVE-2024-55947. Authenticated users can exploit improper symbolic link handling in the PutContents API to overwrite files outside the repository by committing a...
Linux Distros Unpatched Vulnerability : CVE-2026-6678
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer underflow in wcPKCS7DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption. CVE-2026-6678 Note th...
Linux Distros Unpatched Vulnerability : CVE-2026-7531
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a...
Linux Distros Unpatched Vulnerability : CVE-2026-12912
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occu...
Linux Distros Unpatched Vulnerability : CVE-2026-6329
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PKCS12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. Th...
Linux Distros Unpatched Vulnerability : CVE-2026-6092
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When HAVEENCRYPTTHENMAC is configured, the implementation could fall back to MAC-then-Encrypt rather than enforcing Encrypt-then-MAC. CVE-2026-6092 Note that...
Linux Distros Unpatched Vulnerability : CVE-2026-55960
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Un-negotiated Raw Public Key RFC 7250 accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative...
Linux Distros Unpatched Vulnerability : CVE-2026-6412
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing. CVE-2026-6412 Note that Nessus...
Linux Distros Unpatched Vulnerability : CVE-2026-7532
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iPAddress name constraints bypass when WOLFSSLIPALTNAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certifica...
Linux Distros Unpatched Vulnerability : CVE-2026-7511
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PKCS7verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be...
Linux Distros Unpatched Vulnerability : CVE-2026-6330
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2...
Linux Distros Unpatched Vulnerability : CVE-2026-6325
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer...
Linux Distros Unpatched Vulnerability : CVE-2026-54369
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and...
Linux Distros Unpatched Vulnerability : CVE-2026-6450
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled...
Linux Distros Unpatched Vulnerability : CVE-2026-6331
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HMAC zero-length tag forgery in EVPDigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility...
EEF-CVE-2026-53428 Unbounded memory allocation in highlight_lines range expansion in mdex
Summary Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through unbounded memory allocation. comrak\nif::lumis\adapter::LumisAdapter::parse\highlight\lines in native/comrak\nif/src/lumis\adapter.rs eagerly...
Linux Distros Unpatched Vulnerability : CVE-2026-55677
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the...
Linux Distros Unpatched Vulnerability : CVE-2026-13006
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.35 in Java applications, allows an attacke...
Linux Distros Unpatched Vulnerability : CVE-2026-57231
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a key and no val...
Linux Distros Unpatched Vulnerability : CVE-2026-12892
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NA...