RLSA-2026:19159 Critical: nginx security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 For more details about the security issues, including the impact, a CVSS...

openexr security update

An update is available for openexr. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenEXR is an open-source high-dynamic-range floating-point image file forma...

RLSA-2026:19068 Moderate: systemd security update

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...

CVE-2026-45555 Roslyn CodeLens MCP Server: Untrusted Roslyn Analyzer Execution via get_diagnostics Leads to Arbitrary Code Execution

Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing semantic code intelligence for .NET codebases. From 0.0.9 to 1.17.0, the getdiagnostics MCP tool loads and executes all DiagnosticAnalyzer assemblies referenced by the target solution without any allowlist, signature check, or user...

CVE-2026-45555

Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing semantic code intelligence for .NET codebases. From 0.0.9 to 1.17.0, the getdiagnostics MCP tool loads and executes all DiagnosticAnalyzer assemblies referenced by the target solution without any allowlist, signature check, or user...

EUVD-2026-33302

Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing semantic code intelligence for .NET codebases. From 0.0.9 to 1.17.0, the getdiagnostics MCP tool loads and executes all DiagnosticAnalyzer assemblies referenced by the target solution without any allowlist, signature check, or user...

CVE-2026-45555

Summary : The Roslyn CodeLens MCP Server (MCP) processes Diagnostics via get_diagnostics, loading all DiagnosticAnalyzer assemblies in the target solution without any allowlist, signature check, or user confirmation. From versions 0.0.9–1.17.0, this enables arbitrary code execution in the MCP ser...

CVE-2026-10072

DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVE-2026-10071

DreamMaker by Interinfo is affected by an Arbitrary File Upload vulnerability that allows unauthenticated remote attackers to upload and execute web shell backdoors, enabling arbitrary code execution on the server. The publicly referenced entries (CVE-2026-10071) confirm a high-severity issue wit...

Out-of-bounds writes due to integer overflow in jxl-grid on 32-bit platforms

On 32-bit platforms, decoding a crafted image may lead to out-of-bounds writes due to integer overflow in length calculation. This could allow arbitrary code execution. Details & PoC The test listed below fail under miri with command cargo +nightly miri test --release -p jxl-grid Or you can use...

CVE-2026-9558

A Server-Side Template Injection SSTI vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload themes can abuse this to execute arbitrary code on the...

RLSA-2026:21756 Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file...

CVE-2026-7480

CVE-2026-7480 : An Incorrect Permission Assignment for Critical Resource vulnerability affects the ASUS System Control Interface. A local user can elevate privileges to SYSTEM and execute arbitrary code by sending a crafted RPC call that bypasses the validation mechanism. This description is supp...

EUVD-2026-33164

Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. Chromium security severity: Medium...

Interinfo DreamMaker 代码问题漏洞

Interinfo DreamMaker is an application developed by Interinfo Corporation in China. Interinfo DreamMaker has a code vulnerability that stems from arbitrary file uploads. This vulnerability could allow a privileged remote attacker to upload and execute a Web shell backdoor, thereby enabling...

PT-2026-45021

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.4 Description A sandbox escape exists that allows attackers to execute arbitrary code on the host system. This is achieved by combining Buffer.call.call. lookupGetter , Buffer, " proto ", Buffer.call.call. lookupSett...

PT-2026-44742

Name of the Vulnerable Software and Affected Versions ASUS System Control Interface affected versions not specified Description An incorrect permission assignment for critical resources in the ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : libcaca vulnerability (USN-8318-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8318-1 advisory. It was discovered that libcaca incorrectly handled certain malformed files. An attacker could use this issue to cause libcaca to...

ROS-20260529-73-0006

The vulnerability of the pngsettRNS and pngsetPLTE functions in the LIBPNG library is related to improper memory management during data deallocation. Exploiting this vulnerability may allow a remote attacker to gain access to the freed memory area, which could lead to the execution of arbitrary...

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 contains an operating system command injection vulnerability. This vulnerability...