
59949 matches found

Positive Technologies
added 2026/05/11 12:0 a.m. | 6 views

PT-2026-39842

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 18.7.9; iOS versions prior to 26.5; iPadOS versions prior to 18.7.9; iPadOS versions prior to 26.5; macOS Sequoia versions prior to 15.7.7; macOS Sonoma versions prior to 14.8.7; macOS Tahoe versions prior to 26.5. Description: A...

AI score 5.8 | EPSS 0.00275
Exploits 0 | References 8

Positive Technologies
added 2026/05/11 12:0 a.m. | 5 views

PT-2026-39816

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 18.7.9; iPadOS versions prior to 18.7.9; iOS versions prior to 26.5; iPadOS versions prior to 26.5; macOS Sequoia versions prior to 15.7.7; macOS Sonoma versions prior to 14.8.7; macOS Tahoe versions prior to 26.5; tvOS versions...

CVSS 6.5 | AI score 5.8 | EPSS 0.01385
Exploits 0 | References 12

Tenable Nessus
added 2026/05/11 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-26529

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 compiled with mbedTLS support is vulnerable to remote OOB write attack via connection...

CVSS 9.1 | AI score 7.3 | EPSS 0.0145
Exploits 1 | References 2

Tenable Nessus
added 2026/05/11 12:0 a.m. | 5 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : opam vulnerability (USN-8256-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8256-1 advisory. Andrew Nesbitt discovered that opam did not properly validate file destination paths in package install files. An...

CVSS 7.3 | AI score 6.5 | EPSS 0.00185
Exploits 0 | References 2

Tenable Nessus
added 2026/05/11 12:0 a.m. | 7 views

MiracleLinux 9 : libpng-1.6.37-12.el9_7.3 (AXSA:2026-581:08)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-581:08 advisory. libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion CVE-2026-33636 Tenable has extracted the...

CVSS 7.6 | AI score 6.3 | EPSS 0.00585
Exploits 0 | References 2

Tenable Nessus
added 2026/05/11 12:0 a.m. | 4 views

Unity Linux 20.1060e / 20.1070e Security Update: virglrenderer (UTSA-2026-017574)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017574 advisory. A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial ...

CVSS 5.5 | AI score 6 | EPSS 0.00363
Exploits 0 | References 4

Tenable Nessus
added 2026/05/11 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-26528

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool...

CVSS 9.1 | AI score 5.9 | EPSS 0.0145
Exploits 1 | References 2

Tenable Nessus
added 2026/05/11 12:0 a.m. | 4 views

Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017646)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017646 advisory. A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a craft...

CVSS 7.8 | AI score 6.9 | EPSS 0.0238
Exploits 0 | References 4

Positive Technologies
added 2026/05/11 12:0 a.m. | 8 views

PT-2026-39788

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to cause unexpected system termination or write kernel memory...

AI score 6 | EPSS 0.00438
Exploits 0 | References 3

Positive Technologies
added 2026/05/11 12:0 a.m. | 9 views

PT-2026-39662

Bitwarden Server prior to v2026.4.1 contains a missing authorization vulnerability that allows any authenticated user to write ciphers into an arbitrary organization via POST /ciphers/import-organization by submitting an empty collections array, which causes the server-side permission check to be...

CVSS 5.4 | AI score 5.9 | EPSS 0.00188
Exploits 1 | References 6

Tenable Nessus
added 2026/05/11 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-26530

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 compiled with OpenSSL support is vulnerable to remote OOB write attack via connection request after...

CVSS 9.1 | AI score 5.8 | EPSS 0.0145
Exploits 1 | References 2

Positive Technologies
added 2026/05/11 12:0 a.m. | 10 views

PT-2026-39622

An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem,...

AI score 5.9 | EPSS 0.00513
Exploits 5 | References 2

VulnCheck KEV
added 2026/05/11 12:0 a.m. | 98 views

VulnCheck KEV: CVE-2026-43284

In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags. MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter, so later paths that may modify packet data ca...

CVSS 8.8 | AI score 5.8 | EPSS 0.92165
In wild | Exploits 30 | References 2

Tenable Nessus
added 2026/05/11 12:0 a.m. | 7 views

Unity Linux 20.1060e / 20.1070e Security Update: exiv2 (UTSA-2026-017634)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017634 advisory. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2...

CVSS 6.5 | AI score 6.6 | EPSS 0.01571
Exploits 0 | References 4

Tenable Nessus
added 2026/05/10 12:0 a.m. | 13 views

SUSE SLES11 Security Update : kernel (SUSE-SU-2026:1777-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1777-1 advisory. The SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38234:...

CVSS 7.8 | AI score 6.1 | EPSS 0.0013
Exploits 0 | References 7

Tenable Nessus
added 2026/05/10 12:0 a.m. | 4 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-017401)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017401 advisory. In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags. MSG_SPLICE_PAGES can attach pages from a pipe...

CVSS 8.8 | AI score 6 | EPSS 0.92165
Exploits 30 | References 4

Tenable Nessus
added 2026/05/10 12:0 a.m. | 7 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-017400)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017400 advisory. In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags. MSG_SPLICE_PAGES can attach pages from a pipe...

CVSS 8.8 | AI score 6 | EPSS 0.92165
Exploits 30 | References 4

EUVD
added 2026/05/09 7:24 p.m. | 5 views

EUVD-2026-28932

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before version 1.2.5, a crafted .apk could install a TypeSymlink tar entry whose target pointed outside the build root, and a subsequent directory-creation or file-write entry in the same o...

CVSS 7.5 | AI score 5.7 | EPSS 0.00352
Exploits 0 | References 4

Qualys Blog
added 2026/05/09 7:22 a.m. | 9 views

Dirty Frag: Using the Page Caches as an Attack Surface

Dirty Frag is a Linux local privilege escalation (LPE) chain published on May 7, 2026. It combines two previously unknown kernel vulnerabilities that can allow an unprivileged local user to escalate to root on many major Linux distributions. xfrm-ESP Page-Cache Write (CVE-2026-43284), RxRPC Page-Cache Writ...

CVSS 8.8 | AI score 7.1 | EPSS 0.94016
Exploits 354

Cvelist
added 2026/05/09 4:11 a.m. | 34 views

CVE-2026-42311 Pillow: OOB Write with Invalid PSD Tile Extents (Integer Overflow)

Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0...

CVSS 8.6 | EPSS 0.0015
Exploits 0 | References 4