CVE-2025-65715

An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace...

CVE-2025-65716

CVE-2025-65716 affects Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18. The issue allows attackers to execute arbitrary JavaScript code by uploading a crafted Markdown (.md) file, enabling local port enumeration and data exfiltration to a control domain. The vulnerability is tied ...

ROS-20260216-73-0007

Vulnerability in wireshark related to writing outside buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...

ROS-20260216-73-0006

Vulnerability in wireshark related to writing outside buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...

PT-2026-8346

Name of the Vulnerable Software and Affected Versions SOLIDWORKS eDrawings versions 2025 through 2026 Description An Out-Of-Bounds Read vulnerability exists in the EPRT file reading procedure. This could allow an attacker to execute arbitrary code by opening a specially crafted EPRT file...

PT-2026-8355

Name of the Vulnerable Software and Affected Versions Visual Studio Code Extensions Markdown Preview Enhanced version 0.8.18 Description A flaw exists in Visual Studio Code Extensions Markdown Preview Enhanced version 0.8.18 that could allow attackers to execute arbitrary code. This is achieved b...

CVE-2025-65715

The CVE-2025-65715 entry affects the Visual Studio Code extension Code Runner (v0.12.2). The vulnerability lies in the code-runner.executorMap setting, which can be manipulated to cause arbitrary code execution when a crafted workspace is opened. Evidence from multiple sources confirms this vulne...

Markdown Preview Enhanced 安全漏洞

Markdown Preview Enhanced is a highly powerful markup extension developed by Yiyi Wang. Version 0.8.18 of Markdown Preview Enhanced contains a security vulnerability; this vulnerability arises from uploading specially crafted .md files, potentially allowing for the execution of arbitrary code...

RHEL 10 : gnupg2 (RHSA-2026:2753)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:2753 advisory. The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards...

Dassault Systèmes SOLIDWORKS eDrawings 安全漏洞

Dassault Systèmes SOLIDWORKS eDrawings is a collaboration tool provided by Dassault Systèmes, a French company, for viewing, sharing, and annotating 2D/3D design files. There are security vulnerabilities in the SOLIDWORKS eDrawings SOLIDWORKS Desktop 2025 version up to the SOLIDWORKS Desktop 2026...

Code Runner 安全漏洞

Code Runner is a code execution tool developed by Jun Han. Version 0.12.2 of Code Runner has a security vulnerability, which stems from an issue with the code-runner.executorMap setting. This vulnerability could allow for the execution of arbitrary code...

ALSA-2026:2719 Important: gnupg2 security update

The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fixes: GnuPG: GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution CVE-2026-24882 For more details about the security...

CVE-2019-25374 OPNsense 19.1 Reflected XSS via vpn_ipsec_settings.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthroughnetworks parameter in vpnipsecsettings.php. Attackers can craft POST requests with JavaScript payloads in the passthroughnetworks parameter to execu...

modelscan-bypass-poc

⚠️ ModelScan Bypass PoC — Security Research WARNING: This...

PT-2026-8247

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the mailserver parameter. Attackers can send POST requests to the monit interface with JavaScript payloads in the mailserver...

CVE-2026-1988

The Flexi Product Slider and Grid for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.5 via the flexipsgcarousel shortcode. This is due to the theme parameter being directly concatenated into a file path without proper sanitization ...

CVE-2025-70093

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response...

CVE-2026-25227

authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view Property Mapping or Can view Expression Policy is able to execute arbitrary code within the authentik server contain...

CVE-2025-54519

A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution...

CVE-2025-70093

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response...