actual Allows Electron to Run As Node

Summary A electron run as node vulnerability was identified in actual macOS application, version 25.x Electron 39.2.7. Vulnerability Type: Electron Run As Node Description ELECTRONRUNASNODE fuse enabled Electron 39.2.7 — app can be converted to Node.js REPL for arbitrary code execution Impact An...

USN-8407-1 strongswan vulnerability

Elliott Childre discovered that strongSwan incorrectly handled the cloning of certain identities. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code...

USN-8407-1: strongSwan vulnerability

Elliott Childre discovered that strongSwan incorrectly handled the cloning of certain identities. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVE-2026-25856 OpenBullet2 0.3.2 Authenticated RCE via Job Configuration Interface

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...

JLSEC-2026-607

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...

JLSEC-2026-601

Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user...

USN-8399-1: Pillow vulnerabilities

It was discovered that Pillow incorrectly handled large glyph advance values in fonts. An attacker could possibly use this issue to cause Pillow to crash, resulting in a denial of service. CVE-2026-42308 It was discovered that Pillow incorrectly handled nested coordinate lists in certain APIs. An...

USN-8397-1: libjxl vulnerability

It was discovered that libjxl did not properly handle certain crafted PBM images. An attacker could possibly use this issue to cause libjxl to crash, resulting in a denial of service, or execute arbitrary code...

USN-8397-1 jpeg-xl vulnerability

It was discovered that libjxl did not properly handle certain crafted PBM images. An attacker could possibly use this issue to cause libjxl to crash, resulting in a denial of service, or execute arbitrary code...

Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation

A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations

A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...

WordPress Duplicator Plugin < 1.2.42 - Arbitrary Code Execution

An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files installer.php and installer-backup.php, an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution. id: CVE-2018-17207 info: name:...

shadoweb wdja v1.5.1 - Cross-Site Scripting

shadoweb wdja v1.5.1 is susceptible to cross-site scripting because it allows attackers to execute arbitrary code and gain escalated privileges via the backurl parameter to /php/passport/index.php. id: CVE-2020-20982 info: name: shadoweb wdja v1.5.1 - Cross-Site Scripting author:...

TOTOLINK CX-A3002RU - Remote Code Execution

An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote...

Swift Performance Lite < 2.3.7.2 - Local PHP File Inclusion

A vulnerability in Swift Performance Lite before version 2.3.7.2 allows unauthenticated attackers to perform local PHP file inclusion via the 'ajaxify' parameter. This can lead to arbitrary code execution on the server. id: CVE-2024-10516 info: name: Swift Performance Lite 2.3.7.2 - Local PHP Fil...

WAVLINK WN535 G3 - Improper Access Control

WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to improper access control. A vulnerability in /cgi-bin/ExportAllSettings.sh allows an attacker to execute arbitrary code via a crafted POST request and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized...

kernel: netfilter: nf_tables: release flowtable after rcu grace period on error

A flaw was found in the Linux kernel's netfilter component, specifically within the nftables subsystem. An error in releasing a flowtable after an RCU Read-Copy-Update grace period could lead to a use-after-free vulnerability. This issue could expose the flowtable to the packet path and...

Important: Red Hat Security Advisory: cockpit-image-builder security update

An update for cockpit-image-builder is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

PT-2026-47593

It was discovered that libjxl did not properly handle certain crafted PBM images. An attacker could possibly use this issue to cause libjxl to crash, resulting in a denial of service, or execute arbitrary code...

TencentOS Server 4: perl-IO-Compress (TSSA-2026:0426)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0426 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...