
120775 matches found

Positive Technologies
added 2026/02/18 12:0 a.m., 5 views

PT-2026-20436

An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A specially crafted OpenFOAM simulation file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 7.8, AI score 6.7, EPSS 0.0015
Exploits: 0, References: 2
CNNVD
added 2026/02/18 12:0 a.m., 6 views

OpenCFD OpenFOAM Security Vulnerability

OpenCFD OpenFOAM is a software toolkit developed by the British company OpenCFD, used for numerical simulation of continuum mechanics problems. Version OpenCFD OpenFOAM 2506 contains a security vulnerability, which stems from a defect in the Code Stream command function. This defect may allow...

CVSS 7.8, AI score 6, EPSS 0.0015
Exploits: 0, References: 1
Positive Technologies
added 2026/02/18 12:0 a.m., 9 views

PT-2026-20488

Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD (affected versions not specified). Description: A specially designed CATPART file can trigger an Out-of-Bounds Write issue when processed by specific Autodesk products. Successful exploitation could lead to a program crash, data...

CVSS 7.8, AI score 5.9, EPSS 0.00211
Exploits: 0, References: 6
Positive Technologies
added 2026/02/18 12:0 a.m., 6 views

PT-2026-20537

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a...

CVSS 9.8, AI score 6.6, EPSS 0.00653
Exploits: 1, References: 6
Talos
added 2026/02/18 12:0 a.m., 12 views

OpenCFD OpenFOAM Code Stream directive arbitrary code execution vulnerability

Talos Vulnerability Report TALOS-2025-2292: OpenCFD OpenFOAM Code Stream directive arbitrary code execution vulnerability. February 18, 2026. CVE Number: CVE-2025-61982. Summary: An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A...

CVSS 7.8, AI score 6.6, EPSS 0.0015
Exploits: 0
CNNVD
added 2026/02/18 12:0 a.m., 8 views

ChaosPro Security Vulnerability

ChaosPro is an open-source fractal geometry generation software developed by ChaosPro. Version 2.0 of ChaosPro contains a security vulnerability, which stems from buffer overflows in the handling of configuration file paths. This vulnerability could potentially allow arbitrary code to execute by...

CVSS 9.8, AI score 6.3, EPSS 0.00453
Exploits: 0, References: 3
Kaspersky
added 2026/02/18 12:0 a.m., 1 views

KLA90895 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code. Below is a complete list of vulnerabilities: 1. Policy enforcement vulnerability in Frames can be exploited to cause denial of service. 2...

CVSS 8.8, AI score 6.3, EPSS 0.042
Exploits: 0, References: 6
Tenable Nessus
added 2026/02/18 12:0 a.m., 4 views

Debian dsa-6139 : gimp - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6139 advisory. Debian Security Advisory DSA-6139-1...

CVSS 6.5, AI score 7.5, EPSS 0.00838
Exploits: 3, References: 9
CNNVD
added 2026/02/18 12:0 a.m., 6 views

NLTK Security Vulnerability

NLTK is an open-source natural language toolkit developed by NLTK. It is used to support research and development in natural language processing. NLTK has a security vulnerability that stems from the unzipiter function using zipfile.extractall without performing path validation or security checks...

CVSS 10, AI score 7.6, EPSS 0.00706
Exploits: 1, References: 1
Tenable Nessus
added 2026/02/18 12:0 a.m., 2 views

RHEL 10 : python-wheel (RHSA-2026:2865)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:2865 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...

CVSS 7.1, AI score 7.5, EPSS 0.00278
Exploits: 2, References: 4
Tenable Nessus
added 2026/02/18 12:0 a.m., 2 views

RHEL 9 : python3.12-wheel (RHSA-2026:2866)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:2866 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

CVSS 7.1, AI score 7.5, EPSS 0.00278
Exploits: 2, References: 4
Tenable Nessus
added 2026/02/18 12:0 a.m., 5 views

Fedora 42 : gnupg2 (2026-59fdfa64f5)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-59fdfa64f5 advisory. Fix CVE-2026-24882: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution. Tenable has extracted the preceding description block directly...

CVSS 8.4, AI score 6.3, EPSS 0.00387
Exploits: 1, References: 2
Cvelist
added 2026/02/17 11:4 p.m., 26 views

CVE-2026-23599 Local Privilege Escalation Vulnerability in HPE Aruba Networking Clear Pass Policy Manager OnGuard for Linux

A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges...

CVSS 7.8, EPSS 0.00143
Exploits: 0, References: 1
Debian
added 2026/02/17 9:51 p.m., 8 views

[SECURITY] [DSA 6138-1] libpng1.6 security update

Debian Security Advisory DSA-6138-1, https://www.debian.org/security/, Moritz Muehlenhoff, February 17, 2026, https://www.debian.org/security/faq ...

CVSS 8.3, AI score 5.9, EPSS 0.00939
Exploits: 2
Huntr
added 2026/02/17 8:26 p.m., 11 views

Incomplete Fix for CVE-2025-10279: get_or_create_nfs_tmp_dir() Still Creates World-Writable (0o777) Directories Enabling Local Code Execution

Description: CVE-2025-10279 (huntr bounty 01d3b81e) identified that MLflow's get_or_create_tmp_dir created temporary directories with world-writable permissions (0o777), enabling local attackers to tamper with model artifacts and achieve arbitrary code execution. The fix PR 17544, commit...

CVSS 7.8, AI score 7.4, EPSS 0.00215
Exploits: 2
RedhatCVE
added 2026/02/17 7:24 p.m., 11 views

CVE-2026-1335

An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file...

CVSS 7.8, AI score 6.1, EPSS 0.00199
Exploits: 0, References: 1
RedhatCVE
added 2026/02/17 7:24 p.m., 4 views

CVE-2026-1334

An Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file...

CVSS 7.8, AI score 6.1, EPSS 0.00199
Exploits: 0, References: 1
NVD
added 2026/02/17 7:21 p.m., 4 views

CVE-2026-2630

A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted...

CVSS 8.8, EPSS 0.01165
Exploits: 0, References: 1
NVD
added 2026/02/17 4:20 p.m., 7 views

CVE-2025-70828

An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration...

CVSS 8.8, EPSS 0.00478
Exploits: 1, References: 2
RedHat Linux
added 2026/02/17 3:59 p.m., 4 views

freerdp: FreeRDP: Denial of Service and potential code execution via client-side heap buffer overflow

A flaw was found in FreeRDP. A malicious server can exploit a client-side heap buffer overflow vulnerability in the gdiSurfaceToSurface path. This vulnerability, caused by a mismatch in memory handling, can lead to a crash (Denial of Service) of the client application. Furthermore, it carries a ris...

CVSS 9.8, AI score 6.5, EPSS 0.0057
Exploits: 1, References: 7