PT-2026-35934

Cockpit 2.13.5 and earlier is affected by a misconfiguration within the Bucket component isFileTypeAllowed function where a specially crafted filename bypasses an extension filter. This allows an authenticated attacker to rename arbitrary files with the .php file extension enabling arbitrary code...

RHEL 10 : freerdp (RHSA-2026:11333)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:11333 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...

PT-2026-35912

Name of the Vulnerable Software and Affected Versions Ollama for Windows versions 0.12.10 through 0.17.5 Description The update mechanism in Ollama for Windows allows Remote Code Execution due to improper handling of attacker-controlled HTTP response headers. The application constructs local file...

Alloksoft WMV to AVI MPEG DVD WMV Converter 安全漏洞

Alloksoft WMV to AVI MPEG DVD WMV Converter is a video format conversion tool developed by Alloksoft Corporation. Version 4.6.1217 of Alloksoft WMV to AVI MPEG DVD WMV Converter contains a security vulnerability. This vulnerability stems from a buffer overflow issue, which may allow local attacke...

PT-2026-35984

Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling SEH local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string. Attackers can craft a payload containing junk data, SEH chain pointers, and shellcode tha...

Flexense SysGauge Pro 安全漏洞

Flexense SysGauge Pro is a system analysis tool developed by Flexense Corporation, designed for real-time monitoring of system performance and resource usage. Version 4.6.12 of Flexense SysGauge Pro contains a security vulnerability. This vulnerability stems from a local buffer overflow in the...

CVE-2026-38992

Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...

Easy MPEG to DVD Burner 安全漏洞

Easy MPEG to DVD Burner is a multi-format video processing software developed by Easy MPEG, capable of burning MPEG videos onto DVDs. Version 1.7.11 of Easy MPEG to DVD Burner contains a security vulnerability. This vulnerability stems from improper handling of structured exceptions, which can le...

Alloksoft Video joiner 安全漏洞

Alloksoft Video Joiner is a tool developed by Alloksoft Corporation that allows for the merging of multiple video files into a single video. Version 4.6.1217 of Alloksoft Video Joiner contains a security vulnerability. This vulnerability stems from a buffer overflow issue, which may allow local...

FreeBSD : firefox -- Memory safety bugs (560f4838-4394-11f1-a190-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 560f4838-4394-11f1-a190-b42e991fc52e advisory. https://bugzilla.mozilla.org/buglist.cgi?bugid=2029419%2C2029717%2C2029769%2C2029886 reports: Memory...

RockyLinux 8 : python3.11 (RLSA-2026:11062)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:11062 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...

FreeBSD : firefox -- Memory safety bugs (5a44e168-4394-11f1-a190-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5a44e168-4394-11f1-a190-b42e991fc52e advisory. https://bugzilla.mozilla.org/buglist.cgi?bugid=2021904%2C2022731%2C2027158%2C2027733%2C2027973%2C202797...

FreeBSD : Mozilla -- Memory safety bugs (6881ae01-430a-11f1-a627-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6881ae01-430a-11f1-a627-b42e991fc52e advisory. https://bugzilla.mozilla.org/buglist.cgi?bugid=1536243%2C1745382%2C1851073%2C1893400%2C1963301%2C200131...

FreeBSD : Mozilla -- Memory safety bugs (6f1af47d-430a-11f1-a627-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6f1af47d-430a-11f1-a627-b42e991fc52e advisory. https://bugzilla.mozilla.org/buglist.cgi?bugid=2010727%2C2019004%2C2019224%2C2019547%2C2020378%2C202238...

RHEL 9 : LibRaw (RHSA-2026:11360)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:11360 advisory. LibRaw is a library for reading RAW files obtained from digital photo cameras CRW/CR2, NEF, RAF, DNG, and others. Security Fixes: LibRaw:...

RHEL 9 : pcs (RHSA-2026:11469)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:11469 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: lodash: lodash: Arbitrary cod...

CVE-2026-7349

Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to execute arbitrary code inside a sandbox via malicious network traffic. Chromium security severity: High...

EUVD-2026-26175

Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to execute arbitrary code inside a sandbox via malicious network traffic. Chromium security severity: High...

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution in crypto/algifaead.c. The authencesn cryptographic template has a 4-byte overwrite past the end of its buffer, which can be controlled to write into the page cache of any readable file. This allows a...

CVE-2026-5939

A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution...