RHEL 8 : ruby:3.3 (RHSA-2026:20614)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20614 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...

ALSA-2026:20614 Important: ruby:3.3 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 For more details about the security issues, including...

Important: ruby:3.3 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 For more details about the security issues, including...

MAL-2026-4437 Malicious code in @service-suppliers/set_selected_supplier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eba319282947a6dfb83a31cec6127e62594cc16160bd9c74cee3feee349c4b07 The postinstall hook in scripts/postinstall.js performs two independently-blocking actions on every npm install. First, it scrapes installer-side...

CVE-2018-25366

CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Attackers can craft a payload exceeding 520 bytes that overwrites the return address and executes shellcode when a shortc...

USN-8301-1 simpleeval vulnerability

Byambadalai Sumiya discovered that SimpleEval did not properly restrict attribute access and callback handling inside a sandbox. An attacker could possibly use this issue to execute arbitrary code...

CVE-2018-25377 Flash Slideshow Maker Professional 5.20 Buffer Overflow SEH

Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload and paste it into the Name and Code fields of the...

CVE-2018-25377 Flash Slideshow Maker Professional 5.20 Buffer Overflow SEH

Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload and paste it into the Name and Code fields of the...

CVE-2018-25376

CVE-2018-25376 affects Socusoft 3GP Photo Slideshow 8.05. A buffer overflow in the registration dialog can be triggered by crafted input in Registration Name/Registration Key, allowing local attackers to overwrite the SEH chain and execute shellcode (reverse shell) via a local exploit. This impli...

CVE-2018-25356

A flaw was found in SIPp. A local attacker can exploit a buffer overflow vulnerability by providing oversized input to command-line arguments, such as -3pcc, -i, or -logfile. This can lead to arbitrary code execution or cause the application to crash, resulting in a denial of service...

CVE-2026-48831

A flaw was found in Wine. Wine's desktop file registers itself to handle Windows executable EXE files. In some configurations, opening an EXE file can cause it to run automatically with the user's permissions, without further prompts. This allows an attacker to bypass security sandboxes like...

USN-8299-1 rclone vulnerabilities

It was discovered that Rclone incorrectly handled authorization in the remote control API. An attacker could possibly use this issue to obtain sensitive information. CVE-2026-41176 It was discovered that Rclone incorrectly handled backend instantiation via the remote control API. An attacker coul...

CLSA-2026-1779694248 mpg123: Fix of CVE-2024-10573

CVE-2024-10573: Out-of-bounds write during PCM decoding of crafted streams could lead to heap corruption and potential arbitrary code execution; decode the MPEG header into a temporary copy that is only applied to the live handle after the frame body is validated upstream svn-r5442, main fix, and...

EUVD-2026-31642

A vulnerability in MLflow versions =3.10.1.dev0 allows unauthorized access to multipart upload MPU endpoints when the --serve-artifacts mode is enabled. The authorization logic does not enforce resource-level permission checks for /mlflow-artifacts/mpu/ endpoints, enabling attackers to overwrite...

CVE-2026-9489

NitroSense V3 (affected versions prior to 3.01.3052) contains a Local Privilege Escalation due to a misconfigured Windows Named Pipe that uses a custom protocol to invoke internal functions. The misconfiguration allows any authenticated local user to execute arbitrary code with NT AUTHORITY\SYSTE...

EUVD-2026-31619

NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation LPE vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with ...

CVE-2026-9489 NitroSense V3: Local Privilege Escalation (LPE) vulnerability

NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation LPE vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with ...

SocuSoft iPod Photo Slideshow 安全漏洞

SocuSoft iPod Photo Slideshow is a photo album video creation software from SocuSoft. A security vulnerability exists in SocuSoft iPod Photo Slideshow version 8.05, which originates from a buffer overflow in the registration dialog box that could allow a local attacker to execute arbitrary code b...

Linux Distros Unpatched Vulnerability : CVE-2023-47268

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is...

CVE-2018-25355 Audiograbber 1.83 Local Buffer Overflow via SEH

Audiograbber 1.83 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious input in the Interpret or Album fields that triggers a buffer overflow, overwriting SEH pointers a...