CVE-2026-24465

Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arbitrary code execution...

CVE-2026-24694

The installer for Roland Cloud Manager ver.3.1.19 and prior insecurely loads Dynamic Link Libraries DLLs, which could allow an attacker to execute arbitrary code with the privileges of the application...

wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking

A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the...

Important: Red Hat Security Advisory: python-wheel security update

An update for python-wheel is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

USN-8011-1: Emacs vulnerabilities

It was discovered that Emacs could trigger unsafe Lisp macro expansion, when a user invoked elisp-completion-at-point on untrusted Emacs Lisp source code. An attacker could possibly use this issue to execute arbitrary code. CVE-2024-53920 It was discovered that Emacs did not properly sanitize inp...

USN-8011-1 emacs vulnerabilities

It was discovered that Emacs could trigger unsafe Lisp macro expansion, when a user invoked elisp-completion-at-point on untrusted Emacs Lisp source code. An attacker could possibly use this issue to execute arbitrary code. CVE-2024-53920 It was discovered that Emacs did not properly sanitize inp...

USN-8010-1 python-pip vulnerabilities

Several security issues were discovered in the libraries bundled in pip. An attacker could possibly use these issues to perform a variety of attacks, such as denial of service or arbitrary code execution...

Adobe Experience Manager Forms - Insecure Deserialization

Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user...

Avigilon ACM - Host Header Injection

A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL. id: CVE-2025-56266 info: name: Avigilon ACM - Host Header Injection author: DhiyaneshDK severity: medium description: | A Host Header Injection vulnerability in...

CVE-2025-69981

FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...

CVE-2025-70560

Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achie...

CVE-2025-65875

An arbitrary file upload vulnerability in the AddFont function of FPDF v1.86 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file...

ingress-nginx's `rules.http.paths.path` Ingress field can be used to inject configuration into nginx

A security issue was discovered in ingress-nginx. Tthe rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that in...

Important: python3.12-wheel security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

EUVD-2025-206818

An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information...

Autodesk 3ds Max 代码问题漏洞

Autodesk 3ds Max is a full-featured 3D computer graphics software developed by Autodesk, Inc. There are code vulnerabilities in Autodesk 3ds Max. These vulnerabilities stem from the use of untrusted search paths when opening max files, which may lead to the execution of arbitrary code...

PT-2026-6015

Name of the Vulnerable Software and Affected Versions Autodesk 3ds Max affected versions not specified Description A specially designed GIF file, when processed by Autodesk 3ds Max, can lead to a Stack-Based Buffer Overflow. An attacker could exploit this to execute arbitrary code with the...

Autodesk 3ds Max 缓冲区错误漏洞

Autodesk 3ds Max is a full-featured 3D computer graphics software developed by Autodesk, Inc. Autodesk 3ds Max has a buffer error vulnerability, which stems from memory corruption during the parsing of specially crafted RGB files. This vulnerability may allow for the execution of arbitrary code...

PT-2026-6017

Name of the Vulnerable Software and Affected Versions Autodesk 3ds Max affected versions not specified Description A specially designed project directory, when used to open a max file in Autodesk 3ds Max, may allow for the execution of arbitrary code with the privileges of the current process. Th...

Autodesk 3ds Max 安全漏洞

Autodesk 3ds Max is a full-featured 3D computer graphics software developed by Autodesk, Inc. There is a security vulnerability in Autodesk 3ds Max, which stems from a stack buffer overflow issue during the parsing of specially crafted GIF files. This vulnerability may allow for the execution of...