Projectworlds Free Download Online Shopping System 安全漏洞

Projectworlds Free Download Online Shopping System is an online shopping system developed by the Indian company Projectworlds. Version 2.0 Built 417 of the Projectworlds Free Download Online Shopping System has a security vulnerability. This vulnerability stems from a local buffer overflow in the...

RHEL 9 : LibRaw (RHSA-2026:11360)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:11360 advisory. LibRaw is a library for reading RAW files obtained from digital photo cameras CRW/CR2, NEF, RAF, DNG, and others. Security Fixes: LibRaw:...

FreeBSD : firefox -- Memory safety bugs (560f4838-4394-11f1-a190-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 560f4838-4394-11f1-a190-b42e991fc52e advisory. https://bugzilla.mozilla.org/buglist.cgi?bugid=2029419%2C2029717%2C2029769%2C2029886 reports: Memory...

Alloksoft Video joiner 安全漏洞

Alloksoft Video Joiner is a tool developed by Alloksoft Corporation that allows for the merging of multiple video files into a single video. Version 4.6.1217 of Alloksoft Video Joiner contains a security vulnerability. This vulnerability stems from a buffer overflow issue, which may allow local...

RockyLinux 8 : python3.11 (RLSA-2026:11062)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:11062 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...

Easy MPEG to DVD Burner 安全漏洞

Easy MPEG to DVD Burner is a multi-format video processing software developed by Easy MPEG, capable of burning MPEG videos onto DVDs. Version 1.7.11 of Easy MPEG to DVD Burner contains a security vulnerability. This vulnerability stems from improper handling of structured exceptions, which can le...

PT-2026-35934

Cockpit 2.13.5 and earlier is affected by a misconfiguration within the Bucket component isFileTypeAllowed function where a specially crafted filename bypasses an extension filter. This allows an authenticated attacker to rename arbitrary files with the .php file extension enabling arbitrary code...

AMI BIOS SMM Security Update

A potential security vulnerability has been identified in certain HP PC products using AMI BIOS, which might allow arbitrary code execution. HP has released mitigation for the potential vulnerability. HP has identified affected platforms and corresponding SoftPaqs with minimum versions that...

AgentFlow 代码注入漏洞

AgentFlow is an open-source multi-agent orchestration and dependency graph execution tool developed by Bera Buddies. AgentFlow has a code injection vulnerability, which stems from allowing attackers to execute local Python scripts by providing user-controlled pipelinepath parameters through POST...

PT-2026-35984

Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling SEH local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string. Attackers can craft a payload containing junk data, SEH chain pointers, and shellcode tha...

EUVD-2026-26232

Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...

RHEL 10 : freerdp (RHSA-2026:11333)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:11333 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...

PT-2026-35987

Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler SEH chain exploitation. Attackers can craft a malicious URL file that, when imported through the File Import Import...

Flexense SysGauge Pro 安全漏洞

Flexense SysGauge Pro is a system analysis tool developed by Flexense Corporation, designed for real-time monitoring of system performance and resource usage. Version 4.6.12 of Flexense SysGauge Pro contains a security vulnerability. This vulnerability stems from a local buffer overflow in the...

FreeBSD : firefox -- Memory safety bugs (5a44e168-4394-11f1-a190-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5a44e168-4394-11f1-a190-b42e991fc52e advisory. https://bugzilla.mozilla.org/buglist.cgi?bugid=2021904%2C2022731%2C2027158%2C2027733%2C2027973%2C202797...

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution in crypto/algifaead.c. The authencesn cryptographic template has a 4-byte overwrite past the end of its buffer, which can be controlled to write into the page cache of any readable file. This allows a...

CVE-2026-5939

A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution...

CVE-2026-41373 OpenClaw < 2026.3.31 - Compiler Binary Substitution via Environment Variable Override in Host Execution Policy

OpenClaw before 2026.3.31 contains an incomplete host-env-security-policy.json that fails to restrict compiler binary environment variables, allowing untrusted models to substitute CC, CXX, CARGOBUILDRUSTC, and CMAKECCOMPILER via environment overrides. Attackers with approved host-exec requests c...

CVE-2026-41373

OpenClaw before 2026.3.31 contains an incomplete host-env-security-policy.json that fails to restrict compiler binary environment variables, allowing untrusted models to substitute CC, CXX, CARGOBUILDRUSTC, and CMAKECCOMPILER via environment overrides. Attackers with approved host-exec requests c...

CVE-2025-60889

Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecified impacts...