120819 matches found

OSV
added 2026/01/17 9:2 a.m., 10 views

RLSA-2026:0728 Important: gnupg2 security update

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fixes: GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write (CVE-2025-68973). For more details about...

CVSS 7.8, AI score 7.7, EPSS 0.00129
Exploits: 1, References: 2

RedhatCVE
added 2026/01/17 12:23 a.m., 12 views

CVE-2025-14237

Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06.02 a...

CVSS 9.8, AI score 7.8, EPSS 0.00899
Exploits: 0, References: 1

RedhatCVE
added 2026/01/17 12:23 a.m., 6 views

CVE-2025-14235

Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06....

CVSS 9.8, AI score 7.8, EPSS 0.0083
Exploits: 0, References: 1

Tenable Nessus
added 2026/01/17 12:0 a.m., 3 views

Debian dsa-6103 : thunderbird - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6103 advisory. Debian Security Advisory DSA-6103-1 ...

CVSS 9.8, AI score 9, EPSS 0.0055
Exploits: 0, References: 29

Tenable Nessus
added 2026/01/17 12:0 a.m., 7 views

RockyLinux 10 : gnupg2 (RLSA-2026:0697)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:0697 advisory. GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write (CVE-2025-68973). Tenable has extracted the preceding descriptio...

CVSS 7.8, AI score 6.4, EPSS 0.00129
Exploits: 1, References: 3

OSV
added 2026/01/16 9:3 p.m., 3 views

GHSA-CC8M-98FM-RC9G Skipper is vulnerable to arbitrary code execution through lua filters

Impact: Arbitrary code execution through lua filters. The default skipper configuration before v0.23 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline, for example through a Kubernetes Ingress resource. The configuration...

CVSS 8.8, AI score 7.2, EPSS 0.00473
Exploits: 1, References: 5

EUVD
added 2026/01/16 8:7 p.m., 3 views

EUVD-2026-2860

Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline, for example through a Kubernetes Ingress resource. The...

CVSS 8.8, AI score 6.2, EPSS 0.00473
Exploits: 1, References: 5

Vulnrichment
added 2026/01/16 8:7 p.m., 5 views

CVE-2026-23742 Skipper arbitrary code execution through lua filters

Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline, for example through a Kubernetes Ingress resource. The...

CVSS 8.8, AI score 6.3, EPSS 0.00473
Exploits: 1, References: 3

Cvelist
added 2026/01/16 8:7 p.m., 20 views

CVE-2026-23742 Skipper arbitrary code execution through lua filters

Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline, for example through a Kubernetes Ingress resource. The...

CVSS 8.8, EPSS 0.00473
Exploits: 1, References: 3

CVE
added 2026/01/16 7:29 p.m., 21 views

CVE-2026-23722

WeGIA (Web Manager for Charitable Institutions) before version 3.6.2 contains a Reflected Cross-Site Scripting (XSS) flaw in html/memorando/insere_despacho.php where the id_memorando GET parameter is echoed into HTML without proper sanitization/encoding. This allows unauthenticated attackers to i...

CVSS 9.1, AI score 5.4, EPSS 0.00212
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2026/01/16 7:9 p.m., 22 views

CVE-2021-47847 Disk Sorter Server 13.6.12 - 'Disk Sorter Server' Unquoted Service Path

Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Server\bin\disksrs.exe' to inject malicious...

CVSS 8.5, EPSS 0.00153
Exploits: 0, References: 3

CVE
added 2026/01/16 7:9 p.m., 8 views

CVE-2021-47828

CVE-2021-47828 relates to BOOTP Turbo 2.0.0.1253, where the Windows service bootpt.exe uses an unquoted service path. The underlying issue is an unquoted path in the service configuration, enabling elevated LocalSystem code execution during startup or reboot. Mitigation is to quote the service pa...

CVSS 8.5, AI score 7.5, EPSS 0.00137
Exploits: 0, References: 3

Cvelist
added 2026/01/16 7:9 p.m., 24 views

CVE-2021-47826 Acer Backup Manager Module 3.0.0.99 - 'IScheduleSvc.exe' Unquoted Service Path

Acer Backup Manager 3.0.0.99 contains an unquoted service path vulnerability in the NTI IScheduleSvc service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files x86\NTI\Acer Backup Manager\ to inject malicious executables that...

CVSS 8.5, EPSS 0.0015
Exploits: 0, References: 3

Snyk
added 2026/01/16 5:51 p.m., 4 views

Cross-site Scripting (XSS)

Overview: distributed is a Distributed scheduler for Dask. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the interaction between Jupyter Lab, jupyter-server-proxy, and the Dask dashboard. An attacker can execute arbitrary code by enticing a user to click a phishin...

CVSS 7.1, AI score 6.4, EPSS 0.00205
Exploits: 0, References: 2

IBM Security Bulletins
added 2026/01/16 2:28 p.m., 14 views

Security Bulletin: A vulnerability in Watson NLP affects IBM Robotic Process Automation which may result in arbitrary code execution (CVE-2025-1550).

Summary: A vulnerability in Watson NLP affects IBM Robotic Process Automation which may result in arbitrary code execution. Watson NLP is used by IBM Robotic Process Automation for Natural Language Processing. This bulletin identifies the fixes required to address the vulnerability. Vulnerability...

CVSS 9.8, AI score 7.8, EPSS 0.02803
Exploits: 3, Affected Software: 1

OSV
added 2026/01/16 3:16 a.m., 3 views

CVE-2026-1021

Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVSS 9.8, AI score 6.4, EPSS 0.00636
Exploits: 0, References: 2

NVD
added 2026/01/16 3:16 a.m., 11 views

CVE-2026-1021

Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVSS 9.8, EPSS 0.00636
Exploits: 0, References: 2

ATTACKERKB
added 2026/01/16 3:8 a.m., 4 views

CVE-2026-1021

Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVSS 9.8, AI score 6.5, EPSS 0.00636
Exploits: 0, References: 3

OSV
added 2026/01/16 12:16 a.m., 8 views

CVE-2025-14234

Buffer overflow in CPCA list processing on Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06.02 and...

CVSS 9.3, AI score 6.1, EPSS 0.0083
Exploits: 0, References: 4

NVD
added 2026/01/16 12:16 a.m., 3 views

CVE-2025-14235

Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06....

CVSS 9.8, EPSS 0.0083
Exploits: 0, References: 4