120634 matches found

RustSec
added 2026/04/23 12:0 p.m., 6 views

Potential use-after-free due to lack of panic safety in `InlineVec::clear` and `SerVec::clear`

`InlineVec::clear` and `SerVec::clear` in rkyv were not panic-safe. Both functions iterate over their elements and call `drop_in_place` on each, updating `self.len` only after the loop. If an element's `Drop` implementation panics during the loop, `self.len` is left at its original value. A subsequent invocati...

AI score: 5.8
Exploits: 0 | Affected Software: 1
Debian
added 2026/04/23 10:31 a.m., 3 views

[SECURITY] [DLA 4547-1] gimp security update

Debian LTS Advisory DLA-4547-1 https://www.debian.org/lts/security/ Thorsten Alteholz April 23, 2026 https://wiki.debian.org/LTS ...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.00606
Exploits: 0
RedHat Linux
added 2026/04/23 7:18 a.m., 5 views

freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP). The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...

CVSS: 9.8 | AI score: 6.2 | EPSS: 0.00532
Exploits: 1 | References: 6
CVE
added 2026/04/23 12:42 a.m., 12 views

CVE-2026-41206

Summary: CVE-2026-41206 affects PySpector, a Python SAST framework. The vulnerability lies in the plugin security validator’s static analysis in the function/class handling plugin loading via PluginSecurity.validate_plugin_code. Before version 0.1.8, the blocklist is incomplete and can be bypasse...

CVSS: 7.8 | AI score: 6.3 | EPSS: 0.00184
Exploits: 1 | References: 3 | Affected Software: 1
ATTACKERKB
added 2026/04/23 12:42 a.m., 3 views

CVE-2026-41206

PySpector is a static analysis security testing (SAST) framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. Prior to version 0.1.8, the blocklist implemented in...

CVSS: 6.9 | AI score: 6.3 | EPSS: 0.00184
Exploits: 1 | References: 4 | Affected Software: 1
EUVD
added 2026/04/23 12:42 a.m., 4 views

EUVD-2026-25160

PySpector is a static analysis security testing (SAST) framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. Prior to version 0.1.8, the blocklist implemented in...

CVSS: 6.9 | AI score: 6.3 | EPSS: 0.00184
Exploits: 1 | References: 3
Snyk
added 2026/04/23 12:31 a.m., 4 views

Eval Injection

Overview: verl is Volcano Engine Reinforcement Learning for LLM. Affected versions of this package are vulnerable to Eval Injection via the math_equal function. An attacker can execute arbitrary code by supplying crafted input that is processed by an unsafe evaluation mechanism. Remediation...

CVSS: 6.3 | AI score: 6.5 | EPSS: 0.00266
Exploits: 0 | References: 2
OSV
added 2026/04/23 12:31 a.m., 1 view

GHSA-H57C-V2V3-5V3V verl's math_equal() Vulnerable to Arbitrary Code Execution via Unsafe eval()

A vulnerability was identified in ByteDance verl up to 0.7.1. Affected is the function math_equal of the file primemath/grader.py. The manipulation leads to a sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be...

CVSS: 6.3 | AI score: 5.3 | EPSS: 0.00266
Exploits: 0 | References: 7
Github Security Blog
added 2026/04/23 12:31 a.m., 5 views

verl's math_equal() Vulnerable to Arbitrary Code Execution via Unsafe eval()

A vulnerability was identified in ByteDance verl up to 0.7.1. Affected is the function math_equal of the file primemath/grader.py. The manipulation leads to a sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be...

CVSS: 6.3 | AI score: 5.1 | EPSS: 0.00266
Exploits: 0 | References: 7 | Affected Software: 1
ATTACKERKB
added 2026/04/23 12:28 a.m., 5 views

CVE-2026-41196

Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...

CVSS: 9 | AI score: 6.2 | EPSS: 0.00374
Exploits: 0 | References: 3 | Affected Software: 1
Debian CVE
added 2026/04/23 12:28 a.m., 3 views

CVE-2026-41196

Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...

CVSS: 10 | AI score: 6 | EPSS: 0.00374
Exploits: 0
CNNVD
added 2026/04/23 12:0 a.m., 7 views

PsiTransfer Path Traversal Vulnerability

PsiTransfer is a simple, self-hosted file sharing solution developed by Christoph Wiechert. Versions of PsiTransfer prior to 2.4.3 contained a path traversal vulnerability. This vulnerability stemmed from the PATCH upload process, which validated the encoded request paths, but the downstream TUS...

CVSS: 7.5 | AI score: 6.1 | EPSS: 0.00307
Exploits: 0 | References: 1
CNNVD
added 2026/04/23 12:0 a.m., 6 views

PySpector Security Vulnerability

PySpector is a high-performance Python static security analysis framework based on graphs, developed by Tommaso Bona. Versions of PySpector prior to 0.1.8 contained security vulnerabilities. These vulnerabilities stemmed from an incomplete blacklist of plugin security validators, which could allo...

CVSS: 7.8 | AI score: 6.1 | EPSS: 0.00184
Exploits: 1 | References: 1
CNNVD
added 2026/04/23 12:0 a.m., 3 views

BorG SPM Code Issue Vulnerability

BorG SPM is a software platform developed by BorG in Taiwan, China, used for system performance monitoring and resource management analysis. The BorG SPM 2007 version has a code vulnerability that stems from arbitrary file uploads. This vulnerability could allow unauthorized remote attackers to...

CVSS: 9.8 | AI score: 6.2 | EPSS: 0.00497
Exploits: 0 | References: 1
CNNVD
added 2026/04/23 12:0 a.m., 5 views

Flowise Security Vulnerability

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior versions of Flowise, up to 3.1.0, contained a security vulnerability. This vulnerability stemmed from the lack of proper sandboxing mechanisms in the run method of the CSVAgents class,...

CVSS: 9.8 | AI score: 6 | EPSS: 0.00529
Exploits: 1 | References: 1
CNNVD
added 2026/04/23 12:0 a.m., 6 views

ktransformers Code Issue Vulnerability

KTransformers is an open-source framework for CPU-GPU heterogeneous large-scale inference and fine-tuning developed by kvcache.ai. Versions of KTransformers 0.5.3 and earlier contained code vulnerabilities. These vulnerabilities stemmed from insecure deserialization in the balanceserve backend...

CVSS: 9.8 | AI score: 6.2 | EPSS: 0.00703
Exploits: 1 | References: 1
CNNVD
added 2026/04/23 12:0 a.m., 7 views

Luanti Code Injection Vulnerability

Luanti is an open-source voxel game engine developed by Luanti itself, supporting mods and game creation. Versions of Luanti from 5.0.0 to 5.15.2 had a code injection vulnerability. This vulnerability stemmed from the ability of malicious mods to escape the sandbox Lua environment, potentially...

CVSS: 10 | AI score: 6.3 | EPSS: 0.00374
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/23 12:0 a.m., 2 views

PT-2026-34599

PySpector is a static analysis security testing (SAST) framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. Prior to version 0.1.8, the blocklist implemented in...

CVSS: 6.9 | AI score: 6.3 | EPSS: 0.00184
Exploits: 1 | References: 4
Positive Technologies
added 2026/04/23 12:0 a.m., 1 view

PT-2026-34642

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

CVSS: 7.3 | AI score: 7.3 | EPSS: 0.00111
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/23 12:0 a.m., 2 views

PT-2026-34650

Borg SPM 2007 (Sales Ended in 2008), developed by BorG Technology Corporation, has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.00497
Exploits: 0 | References: 3