Avigilon ACM - Host Header Injection

A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL. id: CVE-2025-56266 info: name: Avigilon ACM - Host Header Injection author: DhiyaneshDK severity: medium description: | A Host Header Injection vulnerability in...

CVE-2025-69981

FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...

CVE-2025-70560

Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achie...

CVE-2025-65875

An arbitrary file upload vulnerability in the AddFont function of FPDF v1.86 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file...

ingress-nginx's `rules.http.paths.path` Ingress field can be used to inject configuration into nginx

A security issue was discovered in ingress-nginx. Tthe rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that in...

Docker Desktop 安全漏洞

Docker Desktop is a desktop software from the American company Docker, designed for lightweight application deployment using container technology. This product provides a desktop environment that allows creating containers lightweight virtual machines on Linux/Windows/Mac OS systems, as well as...

Movable Type 安全漏洞

Movable Type is a content management system developed by Movable Type Inc. There is a security vulnerability in Movable Type, which stems from CSV files generated when is entered; these files may contain malicious code, potentially allowing arbitrary code to execute on the user’s system...

EUVD-2025-206818

An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information...

Autodesk 3ds Max 缓冲区错误漏洞

Autodesk 3ds Max is a full-featured 3D computer graphics software developed by Autodesk, Inc. Autodesk 3ds Max has a buffer error vulnerability, which stems from memory corruption during the parsing of specially crafted RGB files. This vulnerability may allow for the execution of arbitrary code...

CVE-2025-69621

CVE-2025-69621 affects Comic Book Reader v1.0.95. The vulnerability is an arbitrary file overwrite in the file import process, which could allow overwriting critical internal files and potentially lead to arbitrary code execution or exposure of sensitive information. Provided connected sources co...

PT-2026-6266

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.4.8 Description n8n is a workflow automation platform. A flaw in the Python Code node allows authenticated users to bypass the Python sandbox and run code outside the intended security limits. The vulnerability allows f...

Langroid 代码注入漏洞

Langroid is an open-source tool developed using multi-agent programming for LLM tasks. Versions of Langroid prior to 0.59.32 had a code injection vulnerability. This vulnerability stemmed from a bypass in the TableChatAgent’s invocation of the pandaseval tool, which could allow arbitrary code to ...

PT-2026-6017

Name of the Vulnerable Software and Affected Versions Autodesk 3ds Max affected versions not specified Description A specially designed project directory, when used to open a max file in Autodesk 3ds Max, may allow for the execution of arbitrary code with the privileges of the current process. Th...

PT-2026-6015

Name of the Vulnerable Software and Affected Versions Autodesk 3ds Max affected versions not specified Description A specially designed GIF file, when processed by Autodesk 3ds Max, can lead to a Stack-Based Buffer Overflow. An attacker could exploit this to execute arbitrary code with the...

Autodesk 3ds Max 安全漏洞

Autodesk 3ds Max is a full-featured 3D computer graphics software developed by Autodesk, Inc. There is a security vulnerability in Autodesk 3ds Max, which stems from a stack buffer overflow issue during the parsing of specially crafted GIF files. This vulnerability may allow for the execution of...

ALSA-2026:1902 Important: python-wheel security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Pagure vulnerabilities (USN-7984-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7984-1 advisory. Thomas Chauchefoin discovered that Pagure incorrectly handled symbolic links in Git repositories. A remote attacker could possibl...

PT-2026-6014

Name of the Vulnerable Software and Affected Versions Autodesk Arnold affected versions not specified Autodesk 3ds Max affected versions not specified Description A specially designed USD file can cause an Out-of-Bounds Write issue when opened or imported into Autodesk Arnold or Autodesk 3ds Max...

Important: python3.12-wheel security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : GNU C Library vulnerabilities (USN-8005-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8005-1 advisory. Vitaly Simonovich discovered that the GNU C Library did not properly initialize the input when...