206159 matches found
PT-2026-31297
Name of the Vulnerable Software and Affected Versions CoolerControl/coolercontrold versions prior to 4.0.0 Description A command injection issue exists in alerts within CoolerControl/coolercontrold. Authenticated attackers can execute arbitrary code as root by injecting bash commands into alert...
Red Hat Quay 代码问题漏洞
Red Hat Quay is a distributed container image repository provided by the American company Red Hat. It is primarily used for building, distributing, and deploying containers. Red Hat Quay has code-related vulnerabilities. These vulnerabilities arise from the possibility of tampering with the...
PT-2026-31544
Name of the Vulnerable Software and Affected Versions Sonatype Nexus Repository versions 3.22.1 through 3.90.2 Description A flaw exists in the task management component of Sonatype Nexus Repository. An authenticated attacker possessing task creation permissions can execute arbitrary code,...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from SWIG filenames marked with the "go" label and containing carefully crafted malicious...
Integer Overflow Vulnerability in Multiple Mozilla Products (CNVD-2026-16993)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. An integer overflow vulnerability exists in multiple Mozilla products,...
Memory Corruption Vulnerability in Multiple Mozilla Products (CNVD-2026-16994)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A memory corruption vulnerability exists in multiple Mozilla products,...
TP-Link Archer AX53 安全漏洞
The TP-Link Archer AX53 is a dual-core router produced by TP-Link Corporation. Prior to the version v1.0 1.7.1 Build 20260213, the TP-Link Archer AX53 had a security vulnerability. This vulnerability stemmed from insufficient input validation in the dnsmasq module, which could allow authenticated...
Sonatype Nexus Repository 安全漏洞
Sonatype Nexus Repository is a repository manager developed by Sonatype, Inc. in the United States. It is primarily used for managing, storing, and distributing software. Versions of Sonatype Nexus Repository 3.90.2 and earlier contain security vulnerabilities. These vulnerabilities stem from...
KLA91054 Multiple vulnerabilities in Opera
Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Out of bounds read vulnerability in WebCodecs can be exploited to cause denial of service. 2. Use aft...
Oracle Linux 8 : vim (ELSA-2026-6915)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6915 advisory. - RHEL-159620 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob function - RHEL-155428 CVE-2026-28417 vim: Vim: Arbitrary...
PraisonAI 安全漏洞
PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 1.5.115 contained security vulnerabilities. These vulnerabilities stemmed from an incomplete list of sandbox properties, which could allow bypassing security restrictions and...
freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...
Important: Red Hat Security Advisory: freerdp security update
An update for freerdp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free in the DANE client authentication process. An attacker can cause memory corruption, application crashes, or potentially execute arbitrary code by manipulating TLSA records with both PKIX-TA/PKIX-EE and DANE-TA certificate...
CVE-2026-35197
dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1...
Important: Red Hat Security Advisory: vim security update
An update for vim is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corrupti...
firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume th...
Deserialization of Untrusted Data
Overview monai is an AI Toolkit for Healthcare Imaging Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the algofrompickle function in monai/auto3dseg/utils.py. An attacker can execute arbitrary code by providing a crafted pickle file that is deserialized...
CVE-2026-32863
There is a memory corruption vulnerability due to an out-of-bounds read in sentrytransactioncontextsetoperation in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafte...