
120908 matches found

Positive Technologies
added 2026/01/09 12:0 a.m. | 4 views

PT-2026-1987

Name of the Vulnerable Software and Affected Versions MCP Manager for Claude Desktop affected versions not specified Description The software contains a security issue that allows for sandbox escape and arbitrary code execution within the context of the MCP Manager process. This is triggered by...

CVSS 8.8 | AI score 7.5 | EPSS 0.01253
Exploits: 0 | References: 5

Tenable Nessus
added 2026/01/09 12:0 a.m. | 6 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : GnuPG vulnerability (USN-7946-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7946-1 advisory. It was discovered that GnuPG incorrectly handled crafted input. A remote attacker could possibly u...

CVSS 7.8 | AI score 6.1 | EPSS 0.00129
Exploits: 1 | References: 2

Tenable Nessus
added 2026/01/09 12:0 a.m. | 3 views

Siemens Ruggedcom ROX Integer Overflow or Wraparound (CVE-2018-1000876)

binutils version 2.32 and earlier contains an Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code. This attack appears to be...

CVSS 7.8 | AI score 6.9 | EPSS 0.00656
Exploits: 1 | References: 3

Cvelist
added 2026/01/09 12:0 a.m. | 33 views

CVE-2025-70161

EDIMAX BR-6208AC V21.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system function without proper sanitization. An attacker can exploit this by injecting malicious commands into the pppUserName field, allowing...

EPSS 0.24101
Exploits: 1 | References: 1

Debian
added 2026/01/08 8:7 p.m. | 6 views

[SECURITY] [DLA 4374-2] pdfminer security update

Debian LTS Advisory DLA-4374-2 [email protected] https://www.debian.org/lts/security/ Chris Lamb January 08, 2026 https://wiki.debian.org/LTS ...

CVSS 8.6 | AI score 7 | EPSS 0.00281
Exploits: 1

Ubuntu
added 2026/01/08 1:21 p.m. | 12 views

USN-7946-1: GnuPG vulnerability

It was discovered that GnuPG incorrectly handled crafted input. A remote attacker could possibly use this issue to crash the program, or execute arbitrary code...

CVSS 7.8 | AI score 5.7 | EPSS 0.00129
Exploits: 1

OSV
added 2026/01/08 1:21 p.m. | 5 views

USN-7946-1 gnupg2 vulnerability

It was discovered that GnuPG incorrectly handled crafted input. A remote attacker could possibly use this issue to crash the program, or execute arbitrary code...

CVSS 7.8 | AI score 7.3 | EPSS 0.00129
Exploits: 1 | References: 2

NVD
added 2026/01/08 1:15 p.m. | 4 views

CVE-2026-0719

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in...

CVSS 8.6 | EPSS 0.00557
Exploits: 0 | References: 23

UbuntuCve
added 2026/01/08 1:15 p.m. | 3 views

CVE-2026-0719

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in...

CVSS 8.6 | AI score 6.7 | EPSS 0.00557
Exploits: 0 | References: 2

CVE
added 2026/01/08 12:38 p.m. | 42 views

CVE-2026-0719

CVE-2026-0719 is a libsoup NTLM handling flaw that can overflow an internal size calculation when processing very long passwords, causing a stack memory overrun and potential crash/denial of service. The affected component is the libsoup HTTP client/server library used by GNOME and related applic...

CVSS 8.6 | AI score 6.7 | EPSS 0.00557
Exploits: 0 | References: 23

Cvelist
added 2026/01/08 12:38 p.m. | 21 views

CVE-2026-0719 Libsoup: signed to unsigned conversion error leading to stack-based buffer overflow in libsoup ntlm authentication

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in...

CVSS 8.6 | EPSS 0.00557
Exploits: 0 | References: 22

Vulnrichment
added 2026/01/08 12:38 p.m. | 3 views

CVE-2026-0719 Libsoup: signed to unsigned conversion error leading to stack-based buffer overflow in libsoup ntlm authentication

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in...

CVSS 8.6 | AI score 6.3 | EPSS 0.00557
Exploits: 0 | References: 22

Veracode
added 2026/01/08 9:8 a.m. | 10 views

Deserialization Of Untrusted Data

org.apache.nifi, nifi-asana-processors is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the use of unfiltered Java object serialization and deserialization in the GetAsanaObject Processor, which allows an attacker with access to the configured cache server to supply...

CVSS 8.8 | AI score 8 | EPSS 0.00435
Exploits: 0 | References: 4 | Affected Software: 1

Japan Vulnerability Notes
added 2026/01/08 4:47 a.m. | 5 views

The installers for multiple PIONEER products may insecurely load Dynamic Link Libraries

Overview The installers for multiple products provided by PIONEER CORPORATION contain the following vulnerability. Uncontrolled search path element CWE-427 - CVE-2026-21427 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

CVSS 8.5 | AI score 7.9 | EPSS 0.00175
Exploits: 0 | References: 6

NVD
added 2026/01/08 4:15 a.m. | 2 views

CVE-2026-21427

The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running installer...

CVSS 8.5 | EPSS 0.00175
Exploits: 0 | References: 2

EUVD
added 2026/01/08 4:12 a.m. | 4 views

EUVD-2026-1590

The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running installer...

CVSS 8.5 | AI score 6.9 | EPSS 0.00175
Exploits: 0 | References: 5

RedhatCVE
added 2026/01/08 3:15 a.m. | 5 views

CVE-2025-66837

A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware...

CVSS 6.8 | AI score 7.9 | EPSS 0.00252
Exploits: 0 | References: 1

CVE
added 2026/01/08 12:0 a.m. | 12 views

CVE-2025-66913

Summary (CVE-2025-66913) JimuReport (through v2.1.3) is vulnerable to remote code execution when handling user-controlled H2 JDBC URLs: the application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing directives to execute arbitrary Java code. The issue is distinct from C...

CVSS 9.8 | AI score 8.3 | EPSS 0.00944
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2026/01/08 12:0 a.m. | 2 views

libsoup Security Vulnerability

libsoup is a GNOME HTTP client/server library from the GNOME Project. A security vulnerability exists in libsoup, which stems from a stack buffer overflow in the md4sum function in the NTLM authentication module, which could lead to the execution of arbitrary code...

CVSS 8.6 | AI score 7.3 | EPSS 0.00557
Exploits: 0 | References: 4

CNNVD
added 2026/01/08 12:0 a.m. | 4 views

Trend Micro Apex Central Security Vulnerability

Trend Micro Apex Central is a web-based console from Trend Micro, Inc. A security vulnerability exists in Trend Micro Apex Central, which stems from a LoadLibraryEX vulnerability that could lead to the execution of arbitrary code by an unauthenticated, remote attacker...

CVSS 9.8 | AI score 7.5 | EPSS 0.0322
Exploits: 1 | References: 4