Agenta 代码注入漏洞

Agenta is an open-source platform developed by Agenta for building production-grade large language model applications. Versions of Agenta prior to 0.48.1 contained a code injection vulnerability. This vulnerability stemmed from a sandbox error that allowed the numpy package, potentially leading t...

CVE-2026-26682

An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the PluginController.java component...

CVE-2025-50857

ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. This allows attackers to execute arbitrary code via a crafted file upload...

Digital Arts FinalCode Client 代码问题漏洞

Digital Arts FinalCode Client is an enterprise-level information rights management client software developed by Digital Arts in Japan. The Digital Arts FinalCode Client has a code vulnerability that stems from issues with the DLL search path in the installer, which may allow arbitrary code to be...

GPAC 安全漏洞

GPAC is an open-source multimedia framework developed by GPAC. Versions of GPAC prior to 26.02.0 contain security vulnerabilities. These vulnerabilities stem from stack buffer overflows during the parsing of NHML files, which may allow for the execution of arbitrary code...

SUSE SLES12 Security Update : postgresql15 (SUSE-SU-2026:0615-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0615-1 advisory. Update to version 15.16. Security issues fixed: - CVE-2026-2003: improper validation of type 'oidvector' may allow disclose a few bytes of serv...

SUSE SLES12 Security Update : postgresql16 (SUSE-SU-2026:0614-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0614-1 advisory. Update to version 16.12. Security issues fixed: - CVE-2026-2003: improper validation of type 'oidvector' may allow disclose a few bytes of serv...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the readWriteFile node in combination with git operations. An attacker can execute arbitrary commands on the host system by writing to specific configuration files and triggering a git operation. This is onl...

Eval Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Eval Injection. An attacker can execute arbitrary code on the host system by submitting specially crafted form data that is interpreted as an expression. Note: This is only exploitable if a workflow...

Exploit for CVE-2025-49132

CVE-2025-49132 is a critical arbitrary code execution vulnerabil...

CVE-2025-69771

Cross-Site Scripting XSS vulnerability in the subtitle loading function of the asbplayer Chrome Extension version 1.14.0 allows attackers to execute arbitrary JavaScript in the context of the active streaming platform via a crafted .srt subtitle file. Because the script executes within the...

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume th...

Vulnerabilities fixed in SolarWinds Serv-U

SolarWinds has fixed vulnerabilities in Serv-U. The vulnerabilities are in how Serv-U controls access and processes data types. Attackers with administrative privileges can exploit these vulnerabilities to gain unauthorized system access and execute arbitrary code with elevated privileges. This c...

CVE-2025-40540

A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services...

CVE-2026-25785

Path traversal vulnerability exists in Lanscope Endpoint Manager On-Premises Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system...

CVE-2026-25785

Path traversal vulnerability exists in Lanscope Endpoint Manager On-Premises Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system...

CVE-2026-25785

CVE-2026-25785 describes a path traversal vulnerability in Lanscope Endpoint Manager (On-Premises) Sub-Manager Server, versions up to 9.4.7.3 and earlier. The issue could allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system via a network attack with l...

Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Siemens SINEC NMS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration ...

Adobe After Effects Resource Management Error Vulnerability (CNVD-2026-12868)

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. Adobe After Effects suffers from a resource management error vulnerability...

Adobe After Effects Resource Management Error Vulnerability (CNVD-2026-12869)

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. Adobe After Effects suffers from a resource management error vulnerability...