Debian dsa-6155 : spip - security update

The remote Debian 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6155 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6155-1 [email protected] https://www.debian.org/securit...

Apple Multiple Products Integer Overflow or Wraparound Vulnerability

Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code execution...

Eval Injection

Overview locutus is a Locutus other languages' stadard libraries to JavaScript for fun and educational purposes Affected versions of this package are vulnerable to Eval Injection in the calluserfuncarray function, which executes eval on user-supplied input, and does not sanitize the second argume...

CVE-2026-20777

A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch db9a9a63. A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2026-22891

A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch db9a9a63. A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerabilit...

EUVD-2026-9428

A vulnerability in a small subset of CLI commands that are used on Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, local attacker to craft Lua code that could be used on the underlying operating...

CVE-2026-20008

A vulnerability in a small subset of CLI commands that are used on Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, local attacker to craft Lua code that could be used on the underlying operating...

postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code

A heap based buffer overflow flaw has been discovered in PostgreSQL. This Heap buffer overflow is in the pgcrypto component and allows a ciphertext provider to execute arbitrary code as the operating system user running the database...

postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code

A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...

USN-8069-1 imagemagick vulnerabilities

It was discovered that ImageMagick did not properly decode certain SUN image files. An attacker could use this issue to cause ImageMagick to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2026-25897 It was discovered that ImageMagick did not properly validate pix...

CVE-2026-28778

International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the xd user account. A remote unauthenticated attacker can log in via FTP using these credentials. Because the xd user has write permissions to their home...

SUSE CVE-2026-24051

OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...

PT-2026-22881

Name of the Vulnerable Software and Affected Versions International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver affected versions not specified Description The IDC SFX Series SuperFlex Satellite Receiver is affected by hardcoded, insecure credentials for the xd user accoun...

Oracle Linux 8 : openssl (ELSA-2026-50131)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50131 advisory. - Fix CVE-2025-69419: Arbitrary code execution due to out-of-bounds write in PKCS12 processing ticketlifetimehint exceed 1 week in TLSv1.3 and breaks compliant...

Debian dsa-6152 : thunderbird - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6152 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6152-1 [email protected]...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Rack vulnerabilities (USN-8066-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8066-1 advisory. Minh Pham Quang discovered that Rack did not correctly handle parsing certain paths, which could lead to a path traversal...

CVE-2025-13686 DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component...

CVE-2025-13686 DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component...

Permissive List of Allowed Inputs

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Permissive List of Allowed Inputs in the unsafeglobals function that does not block pkgutil.resolvename Python stdlib function. An attacker can...

GHSA-7WX9-6375-F5WH PickleScan's profile.run blocklist mismatch allows exec() bypass

Summary picklescan v1.0.3 blocks profile.Profile.run and profile.Profile.runctx but does NOT block the module-level profile.run function. A malicious pickle calling profile.runstatement achieves arbitrary code execution via exec while picklescan reports 0 issues. This is because the blocklist ent...