sumatrapdf 安全漏洞

Sumatrapdf is an open-source PDF reader developed by SumatraPDF Reader. Versions 3.5.0 to 3.5.2 of SumatraPDF have security vulnerabilities. These vulnerabilities stem from the update mechanism disabling TLS hostname verification and failing to check the installer’s signature, which may allow...

VulnCheck KEV: CVE-2010-2959

Integer overflow in net/can/bcm.c in the Controller Area Network CAN implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service system crash via...

ROS-20260209-73-0047

Vulnerability in golang related to writing outside buffer boundaries in memory. Exploitation of the vulnerability may allow an attacker to execute arbitrary code...

MiracleLinux 8 : python3.12-wheel-0.41.2-4.el8_10 (AXSA:2026-155:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-155:02 advisory. wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking CVE-2026-24049 Tenable has extracted the preceding descripti...

USN-8020-1: libsoup vulnerabilities

It was discovered that libsoup did not correctly handle certain URL-decoded input, which could allow for HTTP header injection. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2026-1467, CVE-2026-1536 It was discovered that libsoup did n...

USN-8004-2: FreeRDP regression

USN-8004-1 fixed vulnerabilities in FreeRDP. The update for CVE-2026-23533 introduced a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kim Dong Han discovered that FreeRDP did not correctly validate the size of certain variables, which...

CVE-2026-25731

A flaw was found in Calibre, an e-book manager. This Server-Side Template Injection SSTI vulnerability in Calibre's Templite templating engine allows an attacker to achieve arbitrary code execution. This occurs when a user converts an ebook using a specially crafted malicious custom template file...

Tenda TX9 安全漏洞

The Tenda TX9 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in the Tenda TX9 goform/SetStaticRouteCfg file, which originates from the parameter list of the function sub42D03C within the file /goform/SetStaticRouteCfg that fails to correctly validate t...

RLSA-2026:2048 Important: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: FreeRDP: Heap buffer overflow leading to denial of service and...

SUSE CVE-2026-1580

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...

CVE-2020-37162

Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload of 1608 bytes to trigger a stack-based buffer overflow and execute commands through t...

CVE-2020-37159

Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft a malicious payload exceeding 260 bytes to overwrite EIP and EBP, enabling shellcode execution...

RockyLinux 9 : freerdp (RLSA-2026:2048)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:2048 advisory. freerdp: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server. CVE-2026-23530 freerdp: FreeRDP...

Wedding Slideshow Studio 安全漏洞

Wedding Slideshow Studio is a wedding photo and video editing software developed by the Wedding Slideshow Studio company. Version 1.36 of Wedding Slideshow Studio contains a security vulnerability; this vulnerability stems from a buffer overflow in the registration name field, which could allow f...

CVE-2020-37162 Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow

Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload of 1608 bytes to trigger a stack-based buffer overflow and execute commands through t...

CVE-2020-37162

Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload of 1608 bytes to trigger a stack-based buffer overflow and execute commands through t...

CVE-2020-37159

Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft a malicious payload exceeding 260 bytes to overwrite EIP and EBP, enabling shellcode execution...

CVE-2026-25731 Calibre Affected by Arbitrary Code Execution via Server-Side Template Injection in Calibre HTML Export

calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection SSTI vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index...

CVE-2026-25731 Calibre Affected by Arbitrary Code Execution via Server-Side Template Injection in Calibre HTML Export

calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection SSTI vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index...

CVE-2026-25520

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, The return values of functions aren't wrapped. Object.values/Object.entries can be used to get an Array containing the host's Function constructor, by using Array.prototype.at you can obtain the hosts Function constructor, which can b...