ROOT-OS-UBUNTU-2204-CVE-2026-31454 CVE-2026-31454 in rootio-linux - Patched by Root

Root has patched CVE-2026-31454 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

AlmaLinux 8 : xorg-x11-server-Xwayland (ALSA-2026:26562)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:26562 advisory. xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch...

PT-2026-50580

Name of the Vulnerable Software and Affected Versions PTC Windchill PDMlink versions prior to 11.0 M030 PTC FlexPLM versions prior to 11.0 M030 CPS affected versions not specified Description A critical remote code execution RCE issue exists due to the deserialization of untrusted data and improp...

ROOT-APP-NPM-GHSA-7RX3-28CR-V5WH GHSA-7rx3-28cr-v5wh in @rootio/handlebars - Patched by Root

Root has patched GHSA-7rx3-28cr-v5wh in the @rootio/handlebars package for Root:npm. Multiple fixed versions available...

GHSA-88G6-23MM-RPG4 vulnerabilities

Vulnerabilities for packages: chromium...

GHSA-7MW2-6273-9CWV vulnerabilities

Vulnerabilities for packages: chromium...

GHSA-GPGJ-GWJP-8VM9 vulnerabilities

Vulnerabilities for packages: chromium...

CVE-2026-6517 Mattermost Desktop App fails to restrict the allow list of domains which NTLM credentials are passed

Mattermost Desktop App versions =6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users credentials via embedding an image that...

Fedora 45 : perl-Crypt-DSA (2026-cf622b92d7)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-cf622b92d7 advisory. Automatic update for perl-Crypt-DSA-1.21-1.fc45. Changelog Mon Jun 15 2026 Paul Howarth - 1.21-1 - Update to 1.21 - Fixed key material reuse for multiple...

File Browser has a Command Execution Allowlist Bypass via Shell Metacharacter Injection

!NOTE This feature has been disabled by default for all installations from v2.33.8 onwards, including for existent installations. To exploit this vulnerability, the instance administrator must turn on a feature and ignore all the warnings about known vulnerabilities. We're publishing this new...

CVE-2026-7184 Mattermost Remote Cluster PATCH API Leaks Authentication Tokens

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated users with the managesecureconnections permission to obtain remote cluster authentication tokens via a PATCH request to the...

EUVD-2026-36400

A further incomplete fix for a previous advisory CVE-2026-44417 Untrusted JMS configuration can lead to RCE for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions...

GHSA-Q7VR-J5WC-2XCH vulnerabilities

Vulnerabilities for packages: chromium...

Fedora 45 : kubernetes1.33 (2026-05251d4863)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-05251d4863 advisory. Automatic update for kubernetes1.33-1.33.13-1.fc45. Changelog Fri Jun 12 2026 Bradley G Smith - 1.33.13-1 - Update to release 1.33.13 - Resolves: rhbz2467604...

Linux Distros Unpatched Vulnerability : CVE-2026-44496

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular...

GHSA-R236-5PC3-3QCP AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance

Aurora PostgreSQL is a fully managed relational database engine that's compatible with PostgreSQL. An issue in Aurora PostgreSQL using the AWS Go Wrapper waa identified, see CVE-2026-11401. Impact An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to...

GHSA-HFXV-24RG-XRQF vulnerabilities

Vulnerabilities for packages: nextcloud-server...

AlmaLinux 8 : .NET 10.0 (ALSA-2026:25114)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:25114 advisory. dotnet: .NET: Local file tampering via link following vulnerability CVE-2026-45491 dotnet: ASP.NET Core: Denial of Service via uncontrolled resource...

Oracle Linux 8 : .NET / 8.0 (ELSA-2026-25110)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-25110 advisory. 8.0.128-1.0.1 - Add support for Oracle Linux 8.0.128-1 - Update to .NET SDK 8.0.128 and Runtime 8.0.28 - Resolves: RHEL-181052 8.0.126-2 - Update to...

@meme-sdk/trade (>=1.0.0 <=1.0.1), @solana-launchpad/sdk (>=1.0.10 <=1.0.13) +2 more potentially affected by unknown CVE via @validate-sdk/v2 (>=1.22.11 <=1.22.31)

@validate-sdk/v2 NPM version =1.22.11, =1.0.0, =1.0.10, =1.0.5, =1.0.6 - openpaw-graveyard =3.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-5497...