CVE-2026-44919

In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...

CVE-2026-44919

In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...

Fedora 44 : kernel / kernel-headers (2026-4462efc052)

The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-4462efc052 advisory. The 7.0.6 stable kernel update contains a number of important fixes across the tree. It also contains a fix for the Fragnesia CVE-2026-46300 Tenable has...

CVE-2026-44919

OpenStack Ironic (through 35.x before a3f6d73) is affected. During image handling, an infinite loop can occur in checksum calculations when processing file:///dev/zero, potentially impacting availability (CVSS 3.1 base score 4.3). The root cause is in the image handling/checksum path; no exploita...

Linux Distros Unpatched Vulnerability : CVE-2026-46470

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxaudiocaps function does not...

Linux Distros Unpatched Vulnerability : CVE-2026-46469

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxparsetrak function does not...

Linux Distros Unpatched Vulnerability : CVE-2026-8336

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - After invoking $internalJsEmit, which is not intended to be directly accessible, or mapreduce command's map function in a certain way, an authenticated user can...

RockyLinux 9 : freerdp (RLSA-2026:16482)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:16482 advisory. freerdp: FreeRDP: Denial of service due to use-after-free vulnerability CVE-2026-25952 freerdp: FreeRDP: Denial of Service via double free vulnerability...

CVE-2026-44919

In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...

EUVD-2026-30112

Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...

CVE-2026-45054

CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $GET'sort' array without column or direction validation. Both the column key and the directio...

CVE-2026-45054 CubeCart: Authenticated SQL Injection via `sort[]` Parameter in Admin Orders Transactions Listing

CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $GET'sort' array without column or direction validation. Both the column key and the directio...

CVE-2026-45054

CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $GET'sort' array without column or direction validation. Both the column key and the directio...

CVE-2026-44376

CubeCart (v6.x) prior to 6.7.0 contains an unauthenticated Reflected XSS in the search feature. Root cause is a logic flaw in classes/catalogue.class.php that reflects unsanitized user input when a search returns exactly one product, bypassing existing filters. Consequences include the execution ...

CVE-2026-39428 CubeCart: Stored Cross-Site Scripting (XSS)

CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting XSS vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious JavaScript payloads into multiple fields during the creation or modification of a product. These...

CVE-2026-39358

CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters sortprice, sortactivity, sortadmin, and sortcustomer of the Products and Logs endpoints in CubeCart v6.x. This allows an attacker to...

CVE-2026-39358 CubeCart: Time-based Blind SQL Injection

CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters sortprice, sortactivity, sortadmin, and sortcustomer of the Products and Logs endpoints in CubeCart v6.x. This allows an attacker to...

MAL-2026-3711 Malicious code in ethers-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7b57e9cfd1db5527382181f22fbf36f8bbc8cc0df4f701d2b4d6bc7ec7dbc407 The OpenSSF Package Analysis project identified 'ethers-web' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

@beardeddudes/strapi-types (>=0.1.0 <=0.1.1), @bimbeo160/admin (=4.12.2) +70 more potentially affected by CVE-2026-22599 via @strapi/plugin-content-type-builder (>=4.0.0-next.10 <=4.26.0)

@strapi/plugin-content-type-builder NPM version =4.0.0-next.10, =0.1.0, =4.12.2, =0.0.1, =1.0.9, =1.3.2, =4.1.12, =0.2.0, =1.0.0-alpha.2, =1.1.0, =1.4.0-rc.0 - @mtcndyl/strapi-plugin-firebase-auth =1.0.3 and more Source cves: CVE-2026-22599 Source advisory:...

CVE-2026-30906

Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...