CVE-2026-24049

wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...

CVE-2026-24049

wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...

ROS-20260122-73-0013

A vulnerability in the DevTools component of the Google Chrome browser is related to an unexpected sign extension. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

ROS-20260122-73-0008

Vulnerability in strongswan related to integer overflow. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...

Rufus security vulnerabilities

Rufus is a reliable USB formatting tool developed by Pete Batard as an individual developer. Versions of Rufus 4.11 and earlier contained security vulnerabilities. These vulnerabilities stemmed from race conditions during the creation, validation, and execution of Fido PowerShell scripts, which...

TOTOLINK NR1800X 命令注入漏洞

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK. designed to provide fast and easy deployment of NR fixed data services in homes and offices. The TOTOLINK NR1800X suffers from a command injection vulnerability, which stems from a misuse of the parameter...

RHEL 8 : gnupg2 (RHSA-2026:0974)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0974 advisory. The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Securi...

Azure Linux 3.0 Security Update: orc (CVE-2024-40897)

The version of orc installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-40897 advisory. - Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer ...

Azure Linux 3.0 Security Update: keras (CVE-2025-1550)

The version of keras installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-1550 advisory. - The Keras Model.loadmodel function permits arbitrary code execution, even with safemode=True, through a manual...

Autodesk Fusion security vulnerabilities

Autodesk Fusion is a data management software platform developed by Autodesk, Inc. in the United States. There is a security vulnerability in Autodesk Fusion, which stems from the malicious HTML payload stored in the design name. This vulnerability may lead to storage-side cross-site scripting...

PT-2026-3924

Name of the Vulnerable Software and Affected Versions MeetingHub affected versions not specified Description MeetingHub, developed by HAMASTAR Technology, has an arbitrary file upload issue. This allows unauthenticated remote attackers to upload and execute web shell backdoors, leading to arbitra...

wheel -- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx reports: wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.46.1 and below, the unpack function is vulnerable to file permission modification through mishandling of file...

Ubuntu: Security Advisory (USN-7969-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2026-23737

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. Exploitation is possible via overriding consta...

CVE-2026-22807

vLLM is an inference and serving engine for large language models LLMs. Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path ...

DEBIAN-CVE-2025-69209

ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...

CVE-2025-69209

ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...

CVE-2025-69209

The CVE-2025-69209 entry concerns ArduinoCore-avr. A stack-based buffer overflow occurs in earlier releases (versions before 1.8.7) when converting floating-point values to strings with very high precision via dtostrf, writing beyond fixed-size stack buffers, causing memory corruption and potenti...

GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write

A flaw was found in GnuPG. An attacker can provide crafted input to the armorfilter function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code...

CVE-2021-47861

Event Log Explorer 4.9.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations that will be...