CVE-2026-7584

The CVE describes an Arbitrary Code Execution in LabOne Q caused by unsafe deserialization: its serialization framework uses a class-loading mechanism (import_cls) that accepted fully-qualified class names without validating targets or restricting modules. An attacker can craft a malicious serial...

CVE-2026-7584 Arbitrary Code Execution via Unsafe Deserialization in LabOne Q

The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...

CVE-2026-7584

The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...

EUVD-2026-26483

The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...

PT-2026-36487

Name of the Vulnerable Software and Affected Versions MixPHP Framework versions 2.x through 2.2.17 Description An unsafe deserialization issue exists in the sync-invoke TCP server. The server receives data from a TCP socket and passes it directly to the unserialize function within the OpisClosure...

Apache MINA 代码问题漏洞

Apache MINA is a web application framework developed by the Apache Foundation in the United States. This product is primarily used for developing high-performance and highly scalable web applications. There were code vulnerabilities in versions of Apache MINA from 2.1.0 to 2.1.11, as well as in...

Open-Vehicle-Monitoring-System-3 安全漏洞

Open-Vehicle-Monitoring-System-3 is an open source vehicle remote monitoring and diagnostic control system from Open Vehicles. A security vulnerability exists in Open-Vehicle-Monitoring-System-3 version 3.3.005, which stems from a failure to properly validate the phdr.len field in...

CVE-2026-37541

Buffer overflow vulnerability in Open Vehicle Monitoring System 3 OVMS3 3.3.005. In canformatgvret.cpp, the length field in GVRET binary data is not properly validated, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted GVRET frames...

Zurich Instruments LabOne Q 代码问题漏洞

Zurich Instruments LabOne Q is a software platform for experimental control and automation in quantum computing, developed by the Swiss company Zurich Instruments. There are code vulnerabilities in Zurich Instruments LabOne Q; these vulnerabilities stem from the importcls mechanism in the...

CVE-2026-37552

CVE-2026-37552 . Affected: MixPHP Framework 2.x up to 2.2.17. Root cause: unsafe deserialization using Opis\Closure\unserialize() on data received by the sync-invoke TCP server, then executed via call_user_func(). No authentication/signature on the localhost TCP port (127.0.0.1). Impact: arbitrar...

PT-2026-36852

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.10.5 Description A critical sandbox escape exists in the vm2 library, which is used to run untrusted JavaScript code in Node.js applications. This issue allows an attacker to break out of the restricted environment and...

PT-2026-36851

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description vm2 is an open source vm/sandbox for Node.js. The use of SuppressedError allows attackers to escape the sandbox and execute arbitrary code. Recommendations Update to version 3.11.0...

open-amp 输入验证错误漏洞

open-amp is an OpenAMP open source framework that supports communication and lifecycle management between heterogeneous multi-core processors. An input validation error vulnerability exists in open-amp version v2025.10.0, which stems from an integer overflow in the ELF loader during firmware imag...

hashcat 缓冲区错误漏洞

Hashcat is a high-performance password recovery and cracking tool developed by Hashcat developers. Version 7.1.2 of Hashcat contains a buffer overflow vulnerability. This vulnerability stems from a heap-based buffer overflow in the Kerberos hash resolver. The reason for this vulnerability is that...

CVE-2026-42469

CVE-2026-42469 describes a buffer overflow in Open Vehicle Monitoring System 3 (OVMS3) version 3.3.005. The flaw resides in canformat_canswitch.cpp where the parser does not properly validate the CANswitch DLC value, enabling remote attackers to cause a denial of service or potentially execute ar...

PT-2026-36304

The LabOne Q serialization framework uses a class-loading mechanism import cls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...

CVE-2025-60889

Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecified impacts...

CVE-2026-36765

An XML external entity XXE vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...

FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution via crafted pixel data

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a heap buffer overflow vulnerability in the resizevbarentry function. This occurs when an error in buffer resizing leads to attacker-controlled pixel data being written into an...

FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution via crafted pixel data

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a heap buffer overflow vulnerability in the resizevbarentry function. This occurs when an error in buffer resizing leads to attacker-controlled pixel data being written into an...