PT-2026-21517

Name of the Vulnerable Software and Affected Versions Dell Repository Manager versions prior to 3.4.8 Description Dell Repository Manager DRM has an issue related to an uncontrolled search path element. A local attacker with limited privileges could potentially exploit this, leading to arbitrary...

Apache Camel 安全漏洞

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern, and routing and mediation rules are configured through...

eAI ERP 代码问题漏洞

eAI ERP is an enterprise resource management software developed by eAI Corporation. eAI ERP has code vulnerabilities, which stem from DLL hijacking. These vulnerabilities may allow authenticated local attackers to execute arbitrary code...

PT-2026-21496

Name of the Vulnerable Software and Affected Versions eAI Technologies ERP versions prior to F2 Description The software is susceptible to a DLL hijacking issue. Authenticated local attackers can exploit this by placing a crafted DLL file in the same directory as the program, which allows for...

AlmaLinux 8 : openssl (ALSA-2026:3042)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:3042 advisory. openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS12 processing CVE-2025-69419 Tenable has extracted the preceding description block...

RHEL 8 : openssl (RHSA-2026:3042)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3042 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

Moderate: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS12 processing CVE-2025-69419...

RHEL 9 : freerdp (RHSA-2026:3037)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3037 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to R...

Debian dla-4491 : libglib2.0-0 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4491 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4491-1 [email protected]...

Arbitrary Code Execution

logback-core is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to unsafe configuration file processing that allows instantiation of arbitrary classes present on the application classpath, where an attacker with write access to the logback configuration file can cause malicio...

SUSE SLES15: postgresql17 / postgresql17-contrib / postgresql17-devel / etc (SUSE-SU-2026:0586-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0586-1 advisory. Update to version 17.8. Security issues fixed: - CVE-2026-2003: improper validation of type 'oidvector' may allow disclose a few...

SUSE SLES12 Security Update : postgresql18 (SUSE-SU-2026:0585-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0585-1 advisory. Update to version 18.2. Security issues fixed: - CVE-2026-2003: improper validation of type 'oidvector' may allow disclose a few bytes of serve...

CVE-2026-2492

TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target syste...

CVE-2026-2492

TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target syste...

CVE-2019-25441

thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the runcommand endpoint. Attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on...

CVE-2019-25441

The CVE-2019-25441 entry concerns thesystem 1.0, where an unauthenticated attacker can trigger a command injection via the run_command endpoint. The vulnerability allows posting shell commands in the command parameter to execute arbitrary system commands on the server. Impact is described as HIGH...

CVE-2026-2492

TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target syste...

CVE-2026-2492 TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target syste...

CVE-2026-27475

SPIP before 4.4.9 allows Insecure Deserialization in the public area through the tablevaleur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content a pre-condition requiring prior access or another vulnerability can trigger arbitrary...

K000160103: PostgreSQL vulnerability CVE-2022-2625

Security Advisory Description A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait...