RockyLinux 10 : git-lfs (RLSA-2026:19133)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19133 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the roo...

CVE-2026-48522

A flaw was found in PyJWT, a JSON Web Token implementation in Python. The PyJWKClient component, prior to version 2.13.0, directly passes its Uniform Resource Identifier URI argument to urllib.request.urlopen. This allows a remote attacker, by influencing the application's jku URL ingestion path,...

CVE-2026-10181

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSysCmd of the file /goform/formSysCmd. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made...

CVE-2026-9730 Remove NoFollow Commenter URL <= 1.0 - Cross-Site Request Forgery to Settings Update

The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the gmzcommentsettingssave function. This makes it possible for unauthenticated attackers to modify...

EUVD-2026-31676

A weakness has been identified in Edimax EW-7438RPn 1.31. This impacts the function formAccept of the file /goform/formAccept. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made...

CVE-2026-45338

Open WebUI CVE-2026-45338 describes an SSRF in _process_picture_url() (oauth.py) where the server fetches URLs from OAuth picture claims without validate_url(), enabling requests to internal resources and exfiltration of the full response. Affected software before the fix: Open WebUI prior to ver...

git-lfs security update

An update is available for git-lfs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git Large File Storage LFS replaces large files such as audio samples, videos...

RHEL 10 : gvisor-tap-vsock (RHSA-2026:17084)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17084 advisory. A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor. Compared to libslirp,...

Update WhatsApp now: Two new flaws could expose you to malicious files

Meta has published a new security advisory for messaging app WhatsApp, announcing patches for two vulnerabilities. WhatsApp has fixed two security flaws that could be abused to interfere with how media and attachments are handled on your device. There is no evidence that either bug has been...

CVE-2026-7221

A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipulation of the argument req.body.url results in server-side request forgery. It is possible to laun...

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

PT-2026-34878

Name of the Vulnerable Software and Affected Versions CodeChecker versions prior to 6.27.4 Description An authentication bypass exists in CodeChecker, an analyzer tooling, defect database, and viewer extension for the Clang Static Analyzer and Clang Tidy. The issue occurs when the URL ends with...

RHEL 10 : git-lfs (RHSA-2026:9435)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:9435 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing t...

AlmaLinux 8 : grafana (ALSA-2026:7011)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:7011 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the AlmaLinux securi...

RockyLinux 10 : golang-github-openprinting-ipp-usb (RLSA-2026:7992)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:7992 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the RockyLinux...

RHEL 10 : rhc (RHSA-2026:7669)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:7669 advisory. rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management. Security Fixes:...

RHEL 9 : rhc (RHSA-2026:7665)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7665 advisory. rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management. Security Fixes:...

RHEL 7 : rhc (RHSA-2026:7676)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:7676 advisory. rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management. Security...

git-lfs security update

An update is available for git-lfs. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git Large File Storage LFS replaces large files such as audio samples, video...

RHEL 10 : rhc (RHSA-2026:7328)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:7328 advisory. rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management. Security Fixes:...