13613 matches found
CVE-2026-42080
PPTAgent contains an arbitrary file write vulnerability in the component handling slide generation. Prior to commit 418491a, an attacker could write arbitrary files via save_generated_slides. The issue has been patched in commit 418491a. Impact details in the public records indicate a low to medi...
CVE-2026-42080 PPTAgent: Arbitrary File Write via `save_generated_slides`
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via savegeneratedslides. This issue has been patched via commit 418491a...
CVE-2026-42080 PPTAgent: Arbitrary File Write via `save_generated_slides`
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via savegeneratedslides. This issue has been patched via commit 418491a...
CVE-2026-42080
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via savegeneratedslides. This issue has been patched via commit 418491a...
CVE-2026-42079
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a...
CVE-2026-42078 PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdowntabletoimage. This issue has been patched via commit 418491a...
CVE-2026-42078
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdowntabletoimage. This issue has been patched via commit 418491a...
GHSA-6RCX-55R6-JX65 Prefect Git Argument Injection in GitRepository Pull Steps
A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commitsha/directories results in argument injection. It is...
Arbitrary Argument Injection
Overview prefect is a Prefect is a new workflow management system, designed for modern infrastructure and powered by the open-source Prefect Core workflow engine. Users organize Tasks into Flows, and Prefect takes care of the rest. Affected versions of this package are vulnerable to Arbitrary...
CVE-2026-36365
CVE-2026-36365 concerns Lymphatus caesium-image-compressor (all versions up to commit 02da2c6). The issue allows a local attacker to execute arbitrary code via the functions shutdownMachine and putMachineToSleep in PostCompressionActions.cpp. CVSS 3.1 base score 7.8 (High): Local attacker with lo...
PT-2026-36892
Name of the Vulnerable Software and Affected Versions CImg Library versions prior to commit 4ca26bc Description An integer overflow exists in the load pnm function during the computation of WHD size. A specially crafted PNM, PGM, or PPM file containing large dimension values can cause the...
PT-2026-36828
An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep functions in PostCompressionActions.cpp...
PT-2026-36858
Name of the Vulnerable Software and Affected Versions PPTAgent versions prior to commit 418491a Description An arbitrary file write issue exists in this agentic framework for reflective PowerPoint generation. The flaw occurs through the save generated slides function. Recommendations Update to...
PT-2026-36856
Name of the Vulnerable Software and Affected Versions PPTAgent versions prior to commit 418491a Description An agentic framework for reflective PowerPoint generation allows arbitrary file write and directory creation through the markdown table to image function. Recommendations Update to commit...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: EXT4: Filter out the EXT4FCREPLAY bit from the on-disk superblock’s sstate field. The EXT4FCREPLAY bit in sbi-smountstate is used to indicate that we are currently replaying the fast commit journal. This was actually a mistake, a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fixed the issue of parameter context leaks during the damonsysfsnewtestctx function failure. Patches in the series “mm/damon/sysfs: fixed memory leaks and NULL pointer dereferencing issues”, version 4. DAMONSYSFS...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: s390/idle: mark archcpuidle noinstr The linux-next commit “cpuidle: tracing: Warn about !rcuiswatching” adds a new warning that affects the archcpuidle function on the s390 architecture. WARNING: “CPU: 2 PID: 0 at...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by the lack of skb-cb initialization in the ipvlan network driver. The vulnerability is exploitable if CONFIGIPVLAN is...
Astra Linux – Vulnerability in ffmpeg, ffmpeg5
A reachable assertion in FFmpeg’s git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service DoS by opening a crafted AAC file...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: Avoid using partially committed contexts. One major use of damoncall is the update of DAMON parameters online. This is done by calling damoncommitctx within the damoncall callback function. damoncommitctx can fail...