freerdp: FreeRDP: Denial of Service and potential code execution via use-after-free vulnerability

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can exploit this vulnerability when a client connects to it. Specifically, offscreen bitmap deletion can lead to a use-after-free UAF condition, where the client attempts to use memory that has...

freerdp: FreeRDP: Arbitrary code execution and denial of service via malicious server

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can exploit a use-after-free vulnerability by enticing a client to connect to it. This can lead to a client-side crash, resulting in a Denial of Service DoS, and potentially allow for arbitrary...

CVE-2026-1046

Mattermost Desktop App versions =6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577...

USN-8047-1 pillow vulnerability

Yarden Porat discovered that Pillow incorrectly handled certain malformed PSD images. An attacker could use this issue to cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code...

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVE-2025-65715

An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace...

CVE-2025-65716

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file...

nodejs-underscore: Arbitrary code execution via the template function

A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

PT-2026-20265

Name of the Vulnerable Software and Affected Versions Datart version 1.0.0-rc.3 Description An issue exists that allows attackers to execute arbitrary code through the url parameter within the JDBC configuration. The affected component is the JDBC configuration. Recommendations Update to a newer...

datart 安全漏洞

Datart is an open-source data visualization platform developed by running-elephant. Version datart v1.0.0-rc.3 contains a security vulnerability. This vulnerability stems from the unchecked URL parameter in the JDBC configuration, which may allow attackers to execute arbitrary code...

CVE-2025-70828

An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration...

PT-2026-20347

Name of the Vulnerable Software and Affected Versions Tenable Security Center affected versions not specified Description A Command Injection issue exists that allows an authenticated, remote attacker to execute arbitrary code on the server hosting Tenable Security Center. Successful exploitation...

CVE-2025-70830

A Server-Side Template Injection SSTI vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field...

CVE-2025-70830

A Server-Side Template Injection SSTI vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field...

CVE-2025-70828

Datart v1.0.0-rc.3 contains a vulnerability where the JDBC configuration’s url parameter allows attackers to execute arbitrary code. The issue is consistently described across Red Hat, CVE listings, and PT Security, identifying the affected component as the JDBC URL handling. Impact is described ...

TOTOLINK A3002RU 缓冲区错误漏洞

TOTOLINK A3002RU is a wireless router product from TOTOLINK Corporation. The TOTOLINK A3002RU V3 V3.0.0-B20220304.1804 version contains a buffer error vulnerability. This vulnerability stems from a stack buffer overflow in the staticipv6 parameter of the formIpv6Setup function, which may allow fo...

Tenable Security Center 安全漏洞

Tenable Security Center is a security center provided by the American company Tenable. There are security vulnerabilities present in Tenable Security Center, and these vulnerabilities stem from remote attacks by authentication attackers, which allow them to execute arbitrary code...

TOTOLINK A3002RU 缓冲区错误漏洞

TOTOLINK A3002RU is a wireless router product from TOTOLINK Corporation. The TOTOLINK A3002RU V2.1.1-B20211108.1455 version contains a buffer error vulnerability. This vulnerability stems from an overflow in the stack buffer of the vpnUser or vpnPassword parameters in the formFilter function, whi...

RHEL 9 : freerdp (RHSA-2026:2770)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2770 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to R...

CVE-2025-65715

An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace...