
120683 matches found

CNVD
added 2026/03/26 12:0 a.m. | 4 views

Canva Affinity Type Confusion Vulnerability

Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. A type confusion vulnerability exists in Canva Affinity: an attacker can use a specially crafted EMF file to trigger memory corruption and execute arbitrary code...

CVSS 7.8 | AI score 6.1 | EPSS 0.00278
Exploits: 1
Positive Technologies
added 2026/03/26 12:0 a.m. | 5 views

PT-2026-28222

The installer of RATOC RAID Monitoring Manager for Windows allows customizing the installation folder. If the installation folder is changed to a non-default one, the folder may be left with insecure ACLs, and non-administrative users can alter the contents of that folder. It may allow a...

CVSS 8.5 | AI score 6.1 | EPSS 0.00145
Exploits: 0 | References: 3
CNNVD
added 2026/03/26 12:0 a.m. | 5 views

FUEL CMS Security Vulnerability

FUEL CMS is a content management system (CMS) developed by David McReynolds using the CodeIgniter framework. Version 1.5.2 of FUEL CMS contains a security vulnerability, which stems from issues with the /parser/dwoo component. Attackers can execute arbitrary code through specially crafted PHP code...

CVSS 9.8 | AI score 6.2 | EPSS 0.00735
Exploits: 1 | References: 4
Positive Technologies
added 2026/03/26 12:0 a.m. | 4 views

PT-2026-28284

Name of the Vulnerable Software and Affected Versions: Small HTTP Server version 3.06.36. Description: The issue involves an unquoted service path in Small HTTP Server. Specifically, the vulnerability affects the executable located at 'C:Program Files x86shttps mghttp.exe service'. This...

CVSS 8.5 | AI score 6.1 | EPSS 0.00155
Exploits: 0 | References: 4
Tenable Nessus
added 2026/03/26 12:0 a.m. | 0 views

RHEL 10 : freerdp (RHSA-2026:5936)

The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5936 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to...

CVSS 8.8 | AI score 6.4 | EPSS 0.00383
Exploits: 2 | References: 6
CVE
added 2026/03/26 12:0 a.m. | 14 views

CVE-2026-30457

CVE-2026-30457 affects Daylight Studio FuelCMS v1.5.2 in the internal /parser/dwoo component. The issue allows attackers to execute arbitrary PHP code through crafted PHP input, indicating a code-execution vulnerability with a high impact. The available sources identify the affected software/vers...

CVSS 9.8 | AI score 6.2 | EPSS 0.00735
Exploits: 1 | References: 4 | Affected Software: 2
Positive Technologies
added 2026/03/26 12:0 a.m. | 3 views

PT-2026-28398

Name of the Vulnerable Software and Affected Versions: FuelCMS version 1.5.2. Description: An issue exists in the /parser/dwoo component that allows attackers to execute arbitrary code through crafted PHP code. The affected component is susceptible to code execution when processing specially designe...

CVSS 9.8 | AI score 6.5 | EPSS 0.00735
Exploits: 1 | References: 8
CNNVD
added 2026/03/26 12:0 a.m. | 4 views

Nsasoft Nsauditor Buffer Error Vulnerability

Nsasoft Nsauditor is a network security software developed by the American company Nsasoft. Nsasoft Nsauditor version 3.0.28.0 contains a buffer error vulnerability, which stems from buffer overflows during structured exception handling. This vulnerability could allow for the execution of arbitra...

CVSS 8.6 | AI score 6.2 | EPSS 0.00247
Exploits: 1 | References: 4
OSV
added 2026/03/26 12:0 a.m. | 3 views

ALSA-2026:5939 Important: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: FreeRDP: Arbitrary code execution via heap out-of-bounds write ...

CVSS 8.8 | AI score 6.5 | EPSS 0.00383
Exploits: 2 | References: 6
OSV
added 2026/03/26 12:0 a.m. | 5 views

ALSA-2026:5913 Moderate: ncurses security update

The ncurses (new curses) library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler (tic), a decompiler (infocmp), clear, tput, tset, and a termcap conversion tool (captoinfo)...

CVSS 9.8 | AI score 6.1 | EPSS 0.00414
Exploits: 1 | References: 4
Debian
added 2026/03/25 10:13 p.m. | 8 views

[SECURITY] [DSA 6178-1] firefox-esr security update

Debian Security Advisory DSA-6178-1 | https://www.debian.org/security/ | Salvatore Bonaccorso | March 25, 2026 | https://www.debian.org/security/faq ...

CVSS 10 | AI score 6.4 | EPSS 0.01238
Exploits: 1
Github Security Blog
added 2026/03/25 6:31 p.m. | 2 views

Plexus-Utils has a Directory Traversal vulnerability in its extractFile method

Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code...

CVSS 8.8 | AI score 6.2 | EPSS 0.00664
Exploits: 0 | References: 8 | Affected Software: 1
NVD
added 2026/03/25 6:16 p.m. | 3 views

CVE-2025-67030

Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code...

CVSS 8.8 | EPSS 0.00664
Exploits: 0 | References: 5
OSV
added 2026/03/25 6:16 p.m. | 1 view

DEBIAN-CVE-2025-67030

Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code...

CVSS 8.8 | AI score 5.9 | EPSS 0.00664
Exploits: 0 | References: 1
UbuntuCve
added 2026/03/25 6:16 p.m. | 1 view

CVE-2025-67030

Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code...

CVSS 8.8 | AI score 6 | EPSS 0.00664
Exploits: 0 | References: 6
OSV
added 2026/03/25 6:16 p.m. | 2 views

UBUNTU-CVE-2025-67030

Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code...

CVSS 8.8 | AI score 6.2 | EPSS 0.00664
Exploits: 0 | References: 7
RedhatCVE
added 2026/03/25 4:14 p.m. | 3 views

CVE-2026-23383

A flaw was found in the Linux kernel's BPF (Berkeley Packet Filter) JIT (Just-In-Time) compiler on arm64 architectures. The BPF JIT allocator incorrectly requests a 4-byte alignment for its buffer, while a critical target field within the bpf_plt structure requires 8-byte alignment. This misalignment...

CVSS 7 | AI score 6 | EPSS 0.00129
Exploits: 0 | References: 4
Cvelist
added 2026/03/25 4:14 p.m. | 24 views

CVE-2026-25345 WordPress SimpLy Gallery plugin <= 3.3.2 - Arbitrary Code Execution vulnerability

Improper Validation of Specified Quantity in Input vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects SimpLy Gallery: from n/a through <= 3.3.2...

CVSS 9.9 | EPSS 0.00447
Exploits: 0 | References: 1
Vulnrichment
added 2026/03/25 4:14 p.m. | 2 views

CVE-2026-25345 WordPress SimpLy Gallery plugin <= 3.3.2 - Arbitrary Code Execution vulnerability

Improper Validation of Specified Quantity in Input vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects SimpLy Gallery: from n/a through <= 3.3.2...

CVSS 9.9 | AI score 5.9 | EPSS 0.00447
Exploits: 0 | References: 1
CVE
added 2026/03/25 4:14 p.m. | 8 views

CVE-2026-25345

CVE-2026-25345 affects the WordPress SimpLy Gallery plugin (simply-gallery-block) up to version 3.3.2. The issue is an improper validation of a specified quantity in input, allowing access to functionality not properly constrained by ACLs. This can lead to arbitrary code execution (as reported in...

CVSS 9.9 | AI score 5.8 | EPSS 0.00447
Exploits: 0 | References: 1