AWS VDP: Arbitrary Code Execution via Scanner Bypass in **aws-diagram-mcp-server** `exec()` Namespace

Description: The aws-diagram-mcp-server contains an arbitrary code execution vulnerability in diagramstools.py. User-supplied Python code is executed via execcode, namespace at line 305 with a namespace containing the full os module, urlretrieve, and Python builtins. A security scanner scanner.py...

Advisory ROSA-SA-2026-3144

Software: flac 1.3.2 OS: ROSA Virtualization 3.1 unaffected versions = flac-1.3.2-9.rv31.1 affected versions flac-1.3.2-9.rv31.1 CVE-ID: CVE-2020-22219 BDU-ID: 2023-06152 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the bitwritergrow in function of the FLAC audio codec is related to an operation...

Advisory ROSA-SA-2026-3134

Software: flac 1.3.2 OS: ROSA Virtualization 2.1 unaffected versions = flac-1.3.2-9.rv3.1 affected versions flac-1.3.2-9.rv3.1 CVE-ID: CVE-2020-22219 BDU-ID: 2023-06152 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the bitwritergrow in function of the FLAC audio codec is related to an operation...

CVE-2025-65716

CVE-2025-65716 affects Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18. The issue allows attackers to execute arbitrary JavaScript code by uploading a crafted Markdown (.md) file, enabling local port enumeration and data exfiltration to a control domain. The vulnerability is tied ...

PT-2026-8354

Name of the Vulnerable Software and Affected Versions Code Runner versions prior to 0.12.2 Description A flaw exists in the code-runner.executorMap setting of the Code Runner extension for Visual Studio Code. This allows for the execution of arbitrary code when a specially crafted workspace is...

CVE-2025-65716

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file...

CVE-2025-65716

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file...

PT-2026-20553

Name of the Vulnerable Software and Affected Versions Notepad++ versions prior to 8.9.2 Description Notepad++ is a free and open-source source code editor. An Unsafe Search Path issue CWE-426 exists when launching Windows Explorer without an absolute executable path. This could allow execution of...

CVE-2025-65715

An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace...

CVE-2025-65715

An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace...

Dassault Systèmes SOLIDWORKS eDrawings 安全漏洞

Dassault Systèmes SOLIDWORKS eDrawings is a collaboration tool provided by Dassault Systèmes, a French company, for viewing, sharing, and annotating 2D/3D design files. There are security vulnerabilities in the SOLIDWORKS eDrawings SOLIDWORKS Desktop 2025 version up to the SOLIDWORKS Desktop 2026...

CVE-2025-65715

An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace...

ROS-20260216-73-0007

Vulnerability in wireshark related to writing outside buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...

ROS-20260216-73-0006

Vulnerability in wireshark related to writing outside buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...

Code Runner 安全漏洞

Code Runner is a code execution tool developed by Jun Han. Version 0.12.2 of Code Runner has a security vulnerability, which stems from an issue with the code-runner.executorMap setting. This vulnerability could allow for the execution of arbitrary code...

PT-2026-8346

Name of the Vulnerable Software and Affected Versions SOLIDWORKS eDrawings versions 2025 through 2026 Description An Out-Of-Bounds Read vulnerability exists in the EPRT file reading procedure. This could allow an attacker to execute arbitrary code by opening a specially crafted EPRT file...

PT-2026-8355

Name of the Vulnerable Software and Affected Versions Visual Studio Code Extensions Markdown Preview Enhanced version 0.8.18 Description A flaw exists in Visual Studio Code Extensions Markdown Preview Enhanced version 0.8.18 that could allow attackers to execute arbitrary code. This is achieved b...

CVE-2025-65715

The CVE-2025-65715 entry affects the Visual Studio Code extension Code Runner (v0.12.2). The vulnerability lies in the code-runner.executorMap setting, which can be manipulated to cause arbitrary code execution when a crafted workspace is opened. Evidence from multiple sources confirms this vulne...

ALSA-2026:2719 Important: gnupg2 security update

The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fixes: GnuPG: GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution CVE-2026-24882 For more details about the security...

Markdown Preview Enhanced 安全漏洞

Markdown Preview Enhanced is a highly powerful markup extension developed by Yiyi Wang. Version 0.8.18 of Markdown Preview Enhanced contains a security vulnerability; this vulnerability arises from uploading specially crafted .md files, potentially allowing for the execution of arbitrary code...