451 matches found
Honeywell PM43 Printers - Command Injection
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 e.g. P10.19.050006 id:...
CVE-2026-48065
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/conf.c allocates heap memory proportional to ndevices, a count derived from libxml2 XPath evaluation of the config file, without first enforcing an upper bound. On 32-bit targets armv7l, i686 --...
Microsoft Office ClickToRun Access Control Error Vulnerability
Microsoft Office ClickToRun is a component developed by Microsoft that allows for the download and installation of Microsoft Office products. There is an access control error vulnerability present in Microsoft Office ClickToRun. Attackers can exploit this vulnerability to gain higher privileges...
CVE-2026-43405
In the Linux kernel, the following vulnerability has been resolved: libceph: Use u32 for non-negative values in ceph_monmap_decode() This patch fixes unnecessary implicit conversions that change signedness of blob_len and num_mon in ceph_monmap_decode(). Currently blob_len and num_mon are signed int variable...
SUSE CVE-2026-43224
In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix sg_table leak on mapping failures In an unlikely case when io_populate_area_dma() fails, which could only happen on a PAGE_POOL_32BIT_ARCH_WITH_64BIT_DMA machine, io_zcrx_map_area() will have an initialised and not freed table. ...
CVE-2026-43224
In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix sg_table leak on mapping failures In an unlikely case when io_populate_area_dma() fails, which could only happen on a PAGE_POOL_32BIT_ARCH_WITH_64BIT_DMA machine, io_zcrx_map_area() will have an initialised and not freed table. ...
CVE-2026-37530
AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but copies up to 7 bytes (MAX_UDS_REQUEST_PAYLOAD_LENGTH=7) via memcpy at an offset of 1+pid_length 2-3...
CVE-2025-15610
The .NET Remoting framework used by OpenText Fax RightFax includes known security vulnerabilities that could be exploited if the service is exposed in environments where the remoting ports are accessible...
EUVD-2026-21732
In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems...
PT-2026-32180
Name of the Vulnerable Software and Affected Versions libexif versions through 0.6.25 Description A flaw exists in libexif that involves an unsigned 32bit integer overflow when handling Nikon MakerNote data. This issue can lead to crashes or information leaks. The issue is limited to 32bit system...
HTTPS Fetch, Hidden Bind Ipknock TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could get your shellcode from any IP. The sock...
HTTP Fetch, Windows shellcode stage, Bind IPv6 TCP Stager with UUID Support (Windows x86)
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/http/x86/custom/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set...
CLSA-2026-1774997937 ImageMagick: Fix of 7 CVEs
CVE-2026-28494: fix stack buffer overflow in morphology kernel parsing - CVE-2026-28691: fix uninitialized pointer dereference in JBIG decoder - CVE-2026-25989: fix off-by-one boundary check in CastDouble functions - CVE-2026-25985: fix memory allocation without limits in SVG decoder -...
CVE-2026-3580
In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditional branches (bnez) by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret...
SUSE SLES12 Security Update : giflib (SUSE-SU-2026:1005-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1005-1 advisory. - CVE-2026-23868: double-free result of a shallow copy can lead to memory corruption bsc1259502. Tenable has extracted the preceding descriptio...
CVE-2026-27784
A flaw was found in NGINX Open Source, specifically within the ngx_http_mp4_module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resultin...
CVE-2026-2588 Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems
Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems. Sodium.xs casts a STRLEN (size_t) to unsigned long long when passing a length pointer to libsodium functions. On 32-bit systems size_t is typically 32-bits while an unsigned long long is at least 64-bi...
PT-2026-7679
Torrent FLV Converter 1.51 Build 117 contains a stack overflow vulnerability that allows attackers to overwrite Structured Exception Handler SEH through a malicious registration code input. Attackers can craft a payload with specific offsets and partial SEH overwrite techniques to potentially...
Azure Linux 3.0 Security Update: kernel (CVE-2025-22080)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22080 advisory. - In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Prevent integer overflow in...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002831)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002831 advisory. The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve'ed with 1GB of arguments or environmental strings the...