PT-2026-45925

A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root...

PT-2026-45954

RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting XSS via Social Media links in user profile...

CVE-2026-36748

RockRMS vulnerability CVE-2026-36748 affects v16.13 and earlier of RockRMS up to v17.7.0, allowing Cross Site Scripting (XSS) via social media links in a user profile. The connected documents confirm the affected product version range and the XSS impact, but do not provide rooted technical detail...

Linux Distros Unpatched Vulnerability : CVE-2026-47327

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggere...

PT-2026-45908

Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

PT-2026-46044

Name of the Vulnerable Software and Affected Versions ERPNext version 16.16.0 Description An authenticated user can persist arbitrary HTML or JavaScript within the email id or mobile no fields of a Customer record. This leads to unescaped rendering in the Point of Sale POS interface for any...

RockyLinux 10 : corosync (RLSA-2026:19043)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19043 advisory. corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet CVE-2026-35091 corosync: Corosync: Denial of Service via intege...

Linux Distros Unpatched Vulnerability : CVE-2026-46183

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/sysfs-schemes: protect path kfree with damonsysfslock damonsysfsquotgoal-path can be read and written by users, via DAMON sysfs 'path' file. It can als...

PT-2026-45921

The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

UBUNTU-CVE-2026-5385

An unauthenticated user with write access to the knowledge base can st...

EUVD-2026-34100

RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting XSS via Social Media links in user profile...

CVE-2026-36748

RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting XSS via Social Media links in user profile...

PT-2026-45923

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...

PT-2026-45922

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...

PT-2026-45920

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

PT-2026-46306

Name of the Vulnerable Software and Affected Versions matrix-sdk-ui versions prior to 0.16.1 Description The message edit validation logic is missing a check when replacing an encrypted event, as the replacement event is not required to be encrypted. This allows a malicious homeserver administrat...

PT-2026-45924

A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root...

Linux Distros Unpatched Vulnerability : CVE-2026-47333

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentially incorrectly compute the size of an internal buffer, leading to a heap memory...

PT-2026-46043

Name of the Vulnerable Software and Affected Versions ERPNext version 16.16.0 Description An authenticated user with permissions to edit Item records can inject arbitrary HTML or JavaScript into the item name, description, or image fields of an Item. This leads to unescaped rendering in the Point...

PT-2026-46093

Summary Jupyter Enterprise Gateway has a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 root. This can be bypassed. It is possible to launch kernels with a prohibited UID and/or GID by using a specially crafted KERNEL UID or KERNEL GID value. The featu...