CVE-2026-50023

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitl...

CVE-2026-50023

CVE-2026-50023 affects yt-dlp prior to 2026.06.09. A vulnerability allows writing arbitrary OS-shortcut files (e.g., .desktop, .url, .webloc) to the user’s filesystem by exploiting an allowlist that was meant to preserve the --write-link functionality, bypassing CVE-2024-38519. The issue is trigg...

Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting

Oracle Secure Global Desktop Administration Console 4.4 contains a reflected cross-site scripting vulnerability in helpwindow.jsp via all parameters, as demonstrated by the sgdadmin/faces/comsunwebui/help/helpwindow.jsp windowTitle parameter. id: CVE-2018-19439 info: name: Oracle Secure Global...

UBUNTU-CVE-2026-50555

Angular is a development platform for building mobile and desktop web...

UBUNTU-CVE-2026-54267

Angular is a development platform for building mobile and desktop web...

UBUNTU-CVE-2026-54268

Angular is a development platform for building mobile and desktop web...

UBUNTU-CVE-2026-50171

Angular is a development platform for building mobile and desktop web...

UBUNTU-CVE-2026-52725

Angular is a development platform for building mobile and desktop web...

UBUNTU-CVE-2026-50557

Angular is a development platform for building mobile and desktop web...

UBUNTU-CVE-2026-50170

Angular is a development platform for building mobile and desktop web...

CVE-2026-10789

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current...

CVE-2026-10789

Summary: CVE-2026-10789 is a code-injection vulnerability in the MCP extension for Autodesk Fusion Desktop. A malicious webpage visited by a user with Fusion Desktop running and MCP enabled can trigger arbitrary code execution with the current user’s privileges. The CVSS 3.1 score is 9.6 (CRITICA...

EUVD-2026-38328

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current...

CVE-2026-10789 MCP Extension Code Injection Vulnerability in Autodesk Fusion Desktop

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current...

CVE-2026-10789

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current...

CVE-2026-42573

A flaw was found in Svelte, a web framework. An attacker could exploit a DOM clobbering vulnerability, which allows manipulation of the Document Object Model DOM to overwrite internal framework state on elements. This could potentially lead to Cross-Site Scripting XSS attacks, enabling the attack...

SUSE SLES15 Security Update : wireshark (SUSE-SU-2026:2437-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2437-1 advisory. This update for wireshark fixes the following issues - CVE-2026-5405: RDP dissector crash bsc1263767. - CVE-2026-5656: Profile impo...

CVE-2020-37251

RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories to execute arbitrary code with LocalSystem privileges during service...

CVE-2020-37251 RealTimes Desktop Service 18.1.4 Unquoted Service Path Privilege Escalation

RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories to execute arbitrary code with LocalSystem privileges during service...

EUVD-2020-31252

RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories to execute arbitrary code with LocalSystem privileges during service...