Download of Code Without Integrity Check

Overview Affected versions of this package are vulnerable to Download of Code Without Integrity Check in the update process due to improper handling of attacker-controlled HTTP response headers. An attacker can achieve arbitrary code execution by influencing update responses to inject path...

Download of Code Without Integrity Check

Overview Affected versions of this package are vulnerable to Download of Code Without Integrity Check via the verifyDownload function that does not perform integrity or authenticity verification of downloaded update. An attacker can execute arbitrary code by supplying a malicious executable that ...

FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution via crafted pixel data

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a heap buffer overflow vulnerability in the resizevbarentry function. This occurs when an error in buffer resizing leads to attacker-controlled pixel data being written into an...

CVE-2026-42510

A flaw was found in OpenStack Ironic. When configured with a console interface in a non-default setup, this vulnerability allows an attacker to execute ipmitool commands. This unauthorized execution can lead to remote management of the underlying hardware, potentially resulting in arbitrary code...

lodash: lodash: Arbitrary code execution via untrusted input in template imports

A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. Additionally, .template uses assignInWith to merge imports, whi...

Important: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

RLSA-2026:11062 Important: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

Important: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

lodash: lodash: Arbitrary code execution via untrusted input in template imports

A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. Additionally, .template uses assignInWith to merge imports, whi...

USN-8221-1: wheel vulnerability

It was discovered that wheel did not correctly handle certain file paths. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to execute arbitrary code...

Cockpit 安全漏洞

Cockpit is an interactive server management interface developed by Cockpit OpenSource. Versions of Cockpit 2.13.5 and earlier contained security vulnerabilities, which were caused by issues with the filter parameter in multiple endpoints. These vulnerabilities could lead to arbitrary code executi...

AgentFlow 代码注入漏洞

AgentFlow is an open-source multi-agent orchestration and dependency graph execution tool developed by Bera Buddies. AgentFlow has a code injection vulnerability, which stems from allowing attackers to execute local Python scripts by providing user-controlled pipelinepath parameters through POST...

Easy MPEG to DVD Burner 安全漏洞

Easy MPEG to DVD Burner is a multi-format video processing software developed by Easy MPEG, capable of burning MPEG videos onto DVDs. Version 1.7.11 of Easy MPEG to DVD Burner contains a security vulnerability. This vulnerability stems from improper handling of structured exceptions, which can le...

Projectworlds Free Download Online Shopping System 安全漏洞

Projectworlds Free Download Online Shopping System is an online shopping system developed by the Indian company Projectworlds. Version 2.0 Built 417 of the Projectworlds Free Download Online Shopping System has a security vulnerability. This vulnerability stems from a local buffer overflow in the...

Flexense SysGauge Pro 安全漏洞

Flexense SysGauge Pro is a system analysis tool developed by Flexense Corporation, designed for real-time monitoring of system performance and resource usage. Version 4.6.12 of Flexense SysGauge Pro contains a security vulnerability. This vulnerability stems from a local buffer overflow in the...

CVE-2026-38992

Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...

PT-2026-35984

Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling SEH local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string. Attackers can craft a payload containing junk data, SEH chain pointers, and shellcode tha...

PT-2026-35987

Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler SEH chain exploitation. Attackers can craft a malicious URL file that, when imported through the File Import Import...

PT-2026-35982

Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling SEH mechanisms. Attackers can inject malicious payload through the optional proxy hostname field in the PrimeNet connection settings to trigger...

PT-2026-35976

AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline path parameter to the POST /api/runs and POST /api/runs/validate endpoints. Attackers can induce requests to the local AgentFlow API to...