206143 matches found
PraisonAI 安全漏洞
PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 1.5.115 contained security vulnerabilities. These vulnerabilities stemmed from an incomplete list of sandbox properties, which could allow bypassing security restrictions and...
Sonatype Nexus Repository 安全漏洞
Sonatype Nexus Repository is a repository manager developed by Sonatype, Inc. in the United States. It is primarily used for managing, storing, and distributing software. Versions of Sonatype Nexus Repository 3.90.2 and earlier contain security vulnerabilities. These vulnerabilities stem from...
TP-Link Archer AX53 安全漏洞
The TP-Link Archer AX53 is a dual-core router produced by TP-Link Corporation. Prior to the version v1.0 1.7.1 Build 20260213, the TP-Link Archer AX53 had a security vulnerability. This vulnerability stemmed from insufficient input validation in the dnsmasq module, which could allow authenticated...
XWiki Platform 安全漏洞
The XWiki Platform is an open-source wiki platform designed for creating web collaboration applications. Versions of the XWiki Platform prior to 17.4.8 and 17.10.1 contained security vulnerabilities. These vulnerabilities stemmed from inadequate protection of the script API, allowing users with...
PT-2026-32052
Name of the Vulnerable Software and Affected Versions Palo Alto Networks Autonomous Digital Experience Manager on Windows affected versions not specified Description A certificate validation issue exists in Palo Alto Networks Autonomous Digital Experience Manager on Windows. An unauthenticated...
PT-2026-31502
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description A flaw exists in Google Chrome's handling of untrusted input within the Media component. A remote attacker compromising the renderer process could potentially execute arbitrary code...
TP-Link Archer AX53 安全漏洞
The TP-Link Archer AX53 is a dual-core router produced by TP-Link Corporation. Prior versions of the TP-Link Archer AX53, including v1.0, 1.7.1 Build 20260213, contained security vulnerabilities. These vulnerabilities were caused by a stack-based buffer overflow in the tmpServer module, which cou...
PT-2026-31297
Name of the Vulnerable Software and Affected Versions CoolerControl/coolercontrold versions prior to 4.0.0 Description A command injection issue exists in alerts within CoolerControl/coolercontrold. Authenticated attackers can execute arbitrary code as root by injecting bash commands into alert...
Red Hat Quay 代码问题漏洞
Red Hat Quay is a distributed container image repository provided by the American company Red Hat. It is primarily used for building, distributing, and deploying containers. Red Hat Quay has code-related vulnerabilities. These vulnerabilities arise from the possibility of tampering with the...
Memory Corruption Vulnerability in Multiple Mozilla Products (CNVD-2026-16994)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A memory corruption vulnerability exists in multiple Mozilla products,...
Integer Overflow Vulnerability in Multiple Mozilla Products (CNVD-2026-16993)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. An integer overflow vulnerability exists in multiple Mozilla products,...
Mozilla Firefox and Mozilla Thunderbird Buffer Overflow Vulnerability (CNVD-2026-16992)
Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A buffer overflow vulnerability exists in Mozilla Firefox and Mozilla Thunderbird...
PT-2026-31544
Name of the Vulnerable Software and Affected Versions Sonatype Nexus Repository versions 3.22.1 through 3.90.2 Description A flaw exists in the task management component of Sonatype Nexus Repository. An authenticated attacker possessing task creation permissions can execute arbitrary code,...
KLA91054 Multiple vulnerabilities in Opera
Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Out of bounds read vulnerability in WebCodecs can be exploited to cause denial of service. 2. Use aft...
Google Chrome < 147.0.7727.55 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 147.0.7727.55. It is, therefore, affected by multiple vulnerabilities as referenced in the 202604stable-channel-update-for-desktop advisory. - Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an...
Oracle Linux 8 : vim (ELSA-2026-6915)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6915 advisory. - RHEL-159620 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob function - RHEL-155428 CVE-2026-28417 vim: Vim: Arbitrary...
freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...
Important: Red Hat Security Advisory: freerdp security update
An update for freerdp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free in the DANE client authentication process. An attacker can cause memory corruption, application crashes, or potentially execute arbitrary code by manipulating TLSA records with both PKIX-TA/PKIX-EE and DANE-TA certificate...
CVE-2026-35197
dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1...