CVE-2026-23836

HotCRP (conference review software) is affected by CVE-2026-23836. A flaw introduced in April 2024 in version 3.1 enables inadequately sanitized code generation for HotCRP formulas, allowing the execution of arbitrary PHP code (remote code execution). This issue impacts HotCRP 3.1 and is mitigate...

USN-7968-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server incorrectly handled failed ACME certificate renewals. This could result in renewal attempts to be repeated without delays, possibly leading to a denial of service. CVE-2025-55753 Anthony Parfenov discovered that the Apache HTTP Server would pass the...

CVE-2025-15536

A flaw was found in BYVoid OpenCC. This vulnerability involves a heap-based buffer overflow, a type of memory corruption, within the MaxMatchSegmentation function. A local attacker can exploit this by providing specially crafted input, which may lead to information disclosure, denial of service, ...

[SECURITY] [DLA 4442-1] thunderbird security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4442-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort January 19, 2026 https://wiki.debian.org/LTS -...

Code Injection

Enclave is vulnerable to Code Injection. The vulnerability is due to exposure of a host-side Error object with an intact prototype chain to sandboxed code, which allows an attacker to traverse to the host Function constructor and execute arbitrary code in the Node.js host runtime...

Important: Red Hat Security Advisory: gpsd security update

An update for gpsd is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Wondershare Dr. Fone Code Issue Vulnerability

Wondershare Dr. Fone is a one-stop solution for cell phones from China's Wanxing Wondershare. A code issue vulnerability exists in Wondershare Dr. Fone, which stems from an unquoted service path that can be exploited by an attacker to cause a local user to execute arbitrary code and elevate syste...

Adobe Dreamweaver License Issue Vulnerability

Adobe Dreamweaver is a professional web code editor and web development tool developed by Adobe. Adobe Dreamweaver suffers from an authorization issue vulnerability that can be exploited by attackers to execute arbitrary code on the system...

Adobe InDesign Buffer Overflow Vulnerability (CNVD-2026-11772)

Adobe InDesign is a professional desktop publishing software developed by Adobe for layout and page layout in print and digital media. A buffer overflow vulnerability exists in Adobe InDesign, which is caused by an access to an uninitialized pointer error, and can be exploited by an attacker to...

PT-2026-3507

Name of the Vulnerable Software and Affected Versions Alchemy versions prior to 7.4.12 Alchemy versions prior to 8.0.3 Description Alchemy, a Ruby on Rails content management system, allows an authenticated attacker to execute arbitrary system commands on the host operating system. The applicatio...

FreeRDP security vulnerabilities

FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.21.0 contained security vulnerabilities. These vulnerabilities stemmed from the freerdpbitmapdecompressplanar function, which did not validate the nSrcWidth and nSrcHeight parameter...

Integer Overflow Vulnerability in Multiple Mozilla Products

Mozilla Firefox is an open source web browser from the Mozilla Foundation.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation.Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation that is separate from the Mozilla...

Adobe InDesign Buffer Overflow Vulnerability (CNVD-2026-11773)

Adobe InDesign is a professional desktop publishing software developed by Adobe for layout and page layout in print and digital media. Adobe InDesign suffers from a buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

MiracleLinux 7 : mercurial-2.6.2-7.el7 (AXEA:2017-1725:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXEA:2017-1725:01 advisory. - In Mercurial before 4.1.3, hg serve --stdio allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by...

Linux Distros Unpatched Vulnerability : CVE-2026-23534

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands deco...

MiracleLinux 7 : vim-7.4.160-1.el7.1 (AXSA:2016-1205:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-1205:01 advisory. VIM VIsual editor iMproved is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular...

MiracleLinux 3 : pango-1.14.9-5AXS3 (AXSA:2009-50:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-50:01 advisory. Pango is a system for layout and rendering of internationalized text. Fixed bugs: CVE-2009-1194 Integer overflow in the pangoglyphstringsetsize function in...

CVE-2026-0863

Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user with basic permissio...

CVE-2026-0863 Sandbox escape in n8n Python task runner allows for arbitrary code execution on the underlying host.

Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user with basic permissio...

[SECURITY] [DSA 6103-1] thunderbird security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6103-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 17, 2026 https://www.debian.org/security/faq -...