Yokogawa CENTUM VP R6, R7

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to terminate the software stack process, cause a denial-of-service condition, or execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

CVE-2026-23703

The installer of FinalCode Client provided by Digital Arts Inc. contains an incorrect default permissions vulnerability. A non-administrative user may execute arbitrary code with SYSTEM privilege...

CVE-2026-25191

The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is directed to place a malicious DLL file and the installer to the same directory and execute the installer, arbitrary code may be executed with the installer's execution privileg...

CVE-2026-27975

Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. This is fixed in the version 2.2.13...

EUVD-2026-8832

Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. This is fixed in the version 2.2.13...

CVE-2026-27975

Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. This is fixed in the version 2.2.13...

CVE-2026-27965

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...

CVE-2026-27965 Vitess users with backup storage access can gain unauthorized access to production deployment environments

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...

USN-8066-1 ruby-rack vulnerabilities

Minh Pham Quang discovered that Rack did not correctly handle parsing certain paths, which could lead to a path traversal attack. An attacker could possibly use this issue to leak sensitive information. CVE-2026-22860 Ali Firas discovered that Rack did not correctly sanitize certain inputs. An...

CVE-2026-26682

Summary: fastCMS prior to v0.1.6 contains a security issue in the PluginController.java that enables a local attacker to execute arbitrary code. Affected software/component: fastCMS (PluginController.java). Impact: local code execution with high impact (per CVSS) as described in referenced record...

PT-2026-22151

Name of the Vulnerable Software and Affected Versions Flair versions 0.4.1 through latest Description The deserialization of untrusted data in the LanguageModel class can lead to arbitrary code execution when loading a malicious model. Recommendations Versions prior to 0.4.1 are not affected. At...

PT-2026-22161

Name of the Vulnerable Software and Affected Versions fastCMS versions prior to 0.1.6 Description An issue exists in fastCMS that allows a local attacker to execute arbitrary code via the PluginController.java component. Recommendations Update to version 0.1.6 or later...

CVE-2026-26682

An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the PluginController.java component...

PT-2026-22208

Name of the Vulnerable Software and Affected Versions NVDA Dev & Test Toolbox versions 2.0 through 8.0 Description A security issue exists in the Log Reader feature of the NVDA Dev & Test Toolbox add-on. Maliciously crafted log files can lead to arbitrary code execution when a user reads them usi...

flair 安全漏洞

Flair is a very simple and advanced NLP framework developed by Flair OpenSource. There are security vulnerabilities in Flair versions 0.4.1 onwards. These vulnerabilities stem from the LanguageModel class’s ability to deserialize untrusted data, which may allow arbitrary code to be executed when...

PT-2026-22141

Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'name', parameter 'name', in 'a3factura-app.wolterskluwer.es//incomes/customers' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...

GPAC 安全漏洞

GPAC is an open-source multimedia framework developed by GPAC. Versions of GPAC prior to 26.02.0 contain security vulnerabilities. These vulnerabilities stem from stack buffer overflows during the parsing of NHML files, which may allow for the execution of arbitrary code...

CVE-2026-26682

An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the PluginController.java component...

Digital Arts FinalCode Client 代码问题漏洞

Digital Arts FinalCode Client is an enterprise-level information rights management client software developed by Digital Arts in Japan. The Digital Arts FinalCode Client has a code vulnerability that stems from issues with the DLL search path in the installer, which may allow arbitrary code to be...

CVE-2025-50857

ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. This allows attackers to execute arbitrary code via a crafted file upload...