Linux Distros Unpatched Vulnerability : CVE-2026-34444

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed throug...

RHEL 6 : vim (RHSA-2026:6725)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:6725 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via command injection in glob...

RHEL 8 : vim (RHSA-2026:6730)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6730 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via 'helpfile' optio...

PT-2026-31058

Name of the Vulnerable Software and Affected Versions SWIG affected versions not specified Description SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass. Recommendations At the moment, there...

pyLoad 安全漏洞

pyLoad is an open-source download manager written in Python. There is a security vulnerability in pyLoad. This vulnerability arises from the fact that the “storagefolder” option is not included in the ADMINONLYOPTIONS set, and it bypasses existing path restrictions. This could allow users with...

CVE-2026-35197

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1...

CVE-2026-35020

Rejected reason: This CVE ID has been rejected by the its CVE Numbering Authority CNA. It was determined that the attack requires an attacker to already control arbitrary environment variables, a level of access they consider functionally equivalent to code execution and outside the threat model ...

EUVD-2026-19471

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1...

CVE-2026-35197 Code injection in dye template expressions

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1...

freerdp: FreeRDP: Arbitrary code execution via heap out-of-bounds write in RLE planar decode path

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap out-of-bounds write vulnerability in the planardecompressplanerle function. This vulnerability allows the server to write past the end of a temporary buffer, potentiall...

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

freerdp: FreeRDP: Arbitrary code execution via heap buffer overflow in GDI surface pipeline

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap buffer overflow vulnerability by sending a specially crafted graphics command to a FreeRDP client. This allows the server to write data outside of its intended memory...

GO-2026-4920 KubeAI: OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods in github.com/kubeai-project/kubeai

KubeAI: OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods in github.com/kubeai-project/kubeai...

CVE-2026-35171 Arbitrary Code Execution via Malicious Logging Configuration in Kedro

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path to be set via the KEDROLOGGINGCONFIG environment variable and loads it without validation. The logging configuration schema supports the special key, which enables arbitrary...

CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

DEBIAN-CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

UBUNTU-CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...