120932 matches found
Autodesk 3ds Max 缓冲区错误漏洞
Autodesk 3ds Max is a full-featured 3D computer graphics software developed by Autodesk, Inc. Autodesk 3ds Max has a buffer error vulnerability, which stems from memory corruption during the parsing of specially crafted RGB files. This vulnerability may allow for the execution of arbitrary code...
PT-2026-6017
Name of the Vulnerable Software and Affected Versions Autodesk 3ds Max affected versions not specified Description A specially designed project directory, when used to open a max file in Autodesk 3ds Max, may allow for the execution of arbitrary code with the privileges of the current process. Th...
Autodesk 3ds Max 安全漏洞
Autodesk 3ds Max is a full-featured 3D computer graphics software developed by Autodesk, Inc. There is a security vulnerability in Autodesk 3ds Max, which stems from a stack buffer overflow issue during the parsing of specially crafted GIF files. This vulnerability may allow for the execution of...
CVE-2025-69621
CVE-2025-69621 affects Comic Book Reader v1.0.95. The vulnerability is an arbitrary file overwrite in the file import process, which could allow overwriting critical internal files and potentially lead to arbitrary code execution or exposure of sensitive information. Provided connected sources co...
Langroid 代码注入漏洞
Langroid is an open-source tool developed using multi-agent programming for LLM tasks. Versions of Langroid prior to 0.59.32 had a code injection vulnerability. This vulnerability stemmed from a bypass in the TableChatAgent’s invocation of the pandaseval tool, which could allow arbitrary code to ...
PT-2026-6014
Name of the Vulnerable Software and Affected Versions Autodesk Arnold affected versions not specified Autodesk 3ds Max affected versions not specified Description A specially designed USD file can cause an Out-of-Bounds Write issue when opened or imported into Autodesk Arnold or Autodesk 3ds Max...
Important: python3.12-wheel security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Docker Desktop 安全漏洞
Docker Desktop is a desktop software from the American company Docker, designed for lightweight application deployment using container technology. This product provides a desktop environment that allows creating containers lightweight virtual machines on Linux/Windows/Mac OS systems, as well as...
PT-2026-6266
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.4.8 Description n8n is a workflow automation platform. A flaw in the Python Code node allows authenticated users to bypass the Python sandbox and run code outside the intended security limits. The vulnerability allows f...
ALSA-2026:1902 Important: python-wheel security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Notepad++ < 8.8.9 Update Integrity Verification Vulnerability
Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain a vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download and execute an attacker-controll...
ALSA-2026:1939 Important: python3.12-wheel security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Emacs vulnerabilities (USN-8011-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8011-1 advisory. It was discovered that Emacs could trigger unsafe Lisp macro expansion, when a user invoked elisp- completion-at-point on untrust...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Pagure vulnerabilities (USN-7984-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7984-1 advisory. Thomas Chauchefoin discovered that Pagure incorrectly handled symbolic links in Git repositories. A remote attacker could possibl...
Movable Type 安全漏洞
Movable Type is a content management system developed by Movable Type Inc. There is a security vulnerability in Movable Type, which stems from CSV files generated when is entered; these files may contain malicious code, potentially allowing arbitrary code to execute on the user’s system...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : GNU C Library vulnerabilities (USN-8005-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8005-1 advisory. Vitaly Simonovich discovered that the GNU C Library did not properly initialize the input when...
CVE-2026-24512
A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...
CVE-2026-24512 ingress-nginx auth-method nginx configuration injection
A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...
CVE-2026-1580
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...
CVE-2020-37072
Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'commentauthor' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers...