1260 matches found
DEBIAN-CVE-2026-21945
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 an...
DEBIAN-CVE-2026-21932
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: AWT, JavaFX. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17...
CVE-2026-21932
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: AWT, JavaFX. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17...
MiracleLinux 8 : pcs-0.10.10-4.el8.ML.1 (AXSA:2021-2867:05)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2867:05 advisory. jquery: Cross-site scripting XSS via HTML tags containing whitespaces CVE-2020-7656 jquery: Untrusted code execution via tag in HTML passed to DOM...
MiracleLinux 8 : idm:DL1 (AXSA:2021-2291:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2291:01 advisory. jquery: Passing HTML containing elements to manipulation methods could result in untrusted code execution CVE-2020-11023 Tenable has extracted the preceding...
MiracleLinux 7 : ipa-4.6.8-5.4.0.1.el7.AXS7 (AXSA:2021-1615:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1615:01 advisory. jquery: Passing HTML containing elements to manipulation methods could result in untrusted code execution CVE-2020-11023 Tenable has extracted the preceding...
MiracleLinux 8 : idm:client (AXSA:2021-2292:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2292:01 advisory. jquery: Passing HTML containing elements to manipulation methods could result in untrusted code execution CVE-2020-11023 Tenable has extracted the preceding...
CVE-2026-22686
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm that allows untrusted, sandboxed JavaScript code to execute arbitrary code in the host Node.js runtime. When a tool invocation fails,...
enclave-vm Vulnerable to Sandbox Escape via Host Error Prototype Chain
A critical sandbox escape vulnerability exists in enclave-vm (affected: 2.6.0, patched: 2.7.0) that can allow untrusted, sandboxed JavaScript to execute arbitrary code in the host Node.js runtime. When a tool invocation fails, enclave-vm exposes a host-side Error object to sandboxed code. This Erro...
CVE-2026-22869
Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow .github/workflows/ci.yml allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable workflow uses pull_request_target trigger combined with checkout of untrusted PR...
CVE-2026-22869 Eigent Allows Arbitrary Code Execution via pull_request_target CI Workflow
Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow .github/workflows/ci.yml allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable workflow uses pull_request_target trigger combined with checkout of untrusted PR...
CVE-2026-22869
Eigent’s CVE-2026-22869 affects its CI workflow (.github/workflows/ci.yml) used in the Eigent multi‑agent Workforce. The vulnerability arises from using the pull_request_target trigger in combination with checking out untrusted PR code, enabling arbitrary code execution from fork pull requests wi...
MiracleLinux 9 : gcc-11.5.0-5.el9_5.ML.1 (AXSA:2025-9691:09)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9691:09 advisory. jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-11023 Tenable has extracted the preceding description block...
MiracleLinux 9 : gcc-toolset-13-gcc-13.3.1-2.2.el9_5.ML.1 (AXSA:2025-9667:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9667:01 advisory. jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-11023 Tenable has extracted the preceding description block...
MiracleLinux 8 : gcc-toolset-14-gcc-14.2.1-7.1.el8_10.ML.1 (AXSA:2025-9684:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9684:02 advisory. jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-11023 Tenable has extracted the preceding description block...
MiracleLinux 8 : tbb-2018.2-10.el8_10.1 (AXSA:2025-9640:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9640:02 advisory. jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-11023 Tenable has extracted the preceding description block...
MiracleLinux 9 : doxygen-1.9.1-12.el9_5 (AXSA:2025-9657:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9657:01 advisory. jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-11023 Tenable has extracted the preceding description block...
Eigent Code Injection Vulnerability
Eigent is a multi-agent workflow desktop application open-sourced by Eigent AI. Eigent suffers from a code injection vulnerability that stems from a CI workflow using the pull_request_target trigger and checking out untrusted PR code, which could lead to arbitrary code execution...
SUSE CVE-2025-68120
To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode...
PT-2026-34084
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u481, 11.0.30, 17.0.18, 21.0.10, 25.0.2 and 26 Oracle GraalVM for JDK versions 17.0.18 and 21.0.10 Oracle GraalVM Enterprise Edition version 21.3.17 Description An issue in the JAXP component allows an unauthenticated...