Deserialization of Untrusted Data

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

Deserialization of Untrusted Data

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the YAML deserialization in the loadAgentFromFile function. An attacker can execute arbitrary code...

EUVD-2026-20515

A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server...

CVE-2026-30814 Buffer Overflow Vulnerability in TP-Link AX53

A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the handling of table captions during the rendering process. An attacker can execute arbitrary code with the privileges of the desktop client by syncing a crafted note containing malicious HTML or JavaScript ...

Type Confusion

Handlebars is vulnerable to Type Confusion. The vulnerability is due to unsanitized handling of pre-parsed AST input in Handlebars.compile, which allows an attacker to inject malicious JavaScript via crafted AST nodes and execute arbitrary code...

USN-8156-1 gdk-pixbuf vulnerability

It was discovered that GDK-PixBuf incorrectly handled certain JPEG files. An attacker could use this issue to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVE-2026-5735

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes...

CVE-2026-5734

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and w...

CVE-2026-5731

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of...

freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...

CVE-2026-33273

CVE-2026-33273 affects MATCHA INVOICE, versions 2.6.6 and earlier. The issue is an unrestricted upload vulnerability (CWE-434) that could allow an administrator to create arbitrary files on the server, potentially enabling arbitrary code execution. Public reports in JVN, NVD, CVE records, and thi...

CVE-2026-33273

Unrestricted upload of file with dangerous type issue exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, an arbitrary file may be created by an administrator of the product. As a result, arbitrary code may be executed on the server...

CVE-2026-27140

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass...

CVE-2026-3357

IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component...

CVE-2026-27140

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass...

Red Hat Quay 代码问题漏洞

Red Hat Quay is a distributed container image repository provided by the American company Red Hat. It is primarily used for building, distributing, and deploying containers. Red Hat Quay has code-related vulnerabilities. These vulnerabilities arise from the possibility of tampering with the...

Integer Overflow Vulnerability in Multiple Mozilla Products (CNVD-2026-16993)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. An integer overflow vulnerability exists in multiple Mozilla products,...

Mozilla Firefox and Mozilla Thunderbird Buffer Overflow Vulnerability (CNVD-2026-16992)

Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A buffer overflow vulnerability exists in Mozilla Firefox and Mozilla Thunderbird...

TP-Link Archer AX53 安全漏洞

The TP-Link Archer AX53 is a dual-core router produced by TP-Link Corporation. Prior to the version v1.0 1.7.1 Build 20260213, the TP-Link Archer AX53 had a security vulnerability. This vulnerability stemmed from insufficient input validation in the dnsmasq module, which could allow authenticated...