ALSA-2026:1472 Important: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS12 file CVE-2025-11187...

USN-7982-1: FFmpeg vulnerabilities

It was discovered that FFmpeg did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. CVE-2025-59728 It was...

AZL-75588 CVE-2026-24747 affecting package pytorch for versions less than 2.0.0-14

PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's weightsonly unpickler allows an attacker to craft a malicious checkpoint file .pth that, when loaded with torch.load..., weightsonly=True, can corrupt memory and potentially lead to...

CVE-2025-57785

A Double Free in XSLT showindex has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution...

EUVD-2026-4738

PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's weightsonly unpickler allows an attacker to craft a malicious checkpoint file .pth that, when loaded with torch.load..., weightsonly=True, can corrupt memory and potentially lead to...

CVE-2020-36983

Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured service binary path to inject malicious executables with elevated LocalSystem privileges during syste...

EUVD-2020-30868

Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured service binary path to inject malicious executables with elevated LocalSystem privileges during syste...

EUVD-2020-30869

SAntivirus IC 10.0.21.61 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted executable path to inject malicious files in the service binary path, enabling...

Command Injection

Overview runx is a runx - experiment manager for machine learning research Affected versions of this package are vulnerable to Command Injection in undisclosed functionality. According to the vendor, an attacker can execute arbitrary code, escalate privileges, cause denial of service, disclose...

CVE-2025-69419

A flaw was found in OpenSSL. When processing a specially crafted PKCS12 Personal Information Exchange Syntax Standard file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSLuni2utf8 function, leads to memory corruption by writing data...

CVE-2026-1284

An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file...

CVE-2026-1470

n8n contains a critical Remote Code Execution RCE vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An...

Eval Injection

Overview n8n-workflow is a Workflow base code of n8n Affected versions of this package are vulnerable to Eval Injection during the Expression evaluation workflow. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not...

CVE-2026-24810

A flaw was found in rethinkdb. Commonly known as a classic buffer overflow, the vulnerability allows a remote, unauthenticated attacker to provide specially crafted input. Successful exploitation can lead to arbitrary code execution, granting the attacker full control over the affected system...

CVE-2025-41726

CVE-2025-41726 affects Beckhoff components (Beckhoff: Arbitrary code execution within privileged processes). The connected records describe a low-privileged remote attacker who can issue specially crafted calls to the Device Manager web service or interact via an API, triggering integer overflows...

CVE-2025-41726 Beckhoff: Arbitrary code execution within privileged processes

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes...

EUVD-2025-206407

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes...

CVE-2025-41726 Beckhoff: Arbitrary code execution within privileged processes

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes...

Exploit for CVE-2025-56005

Ply 3.11 Exploit Rejection This project argues that CVE‑202...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the PNGImageEncoder process. An attacker can execute arbitrary code by supplying crafted input that is improperly handled during image encoding. Remediation A fix was pushed into the master branch but not ye...