CVE-2026-39816 Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService

The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy...

Acer PredatorSense 路径遍历漏洞

Acer PredatorSense is a system management software developed by Acer, a company based in Taiwan, China. Versions 3.00.3136 to 3.00.3196 of Acer PredatorSense contain a path traversal vulnerability. This vulnerability stems from an exposed Windows named pipe configuration error in the program. It...

Astra Linux - уязвимость в postgresql-11

schemaelement defeats protective measures for search paths; It was discovered that certain database calls in PostgreSQL could allow an authenticated attacker with elevated database-level privileges to execute arbitrary code...

EUVD-2018-21825

Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler SEH chain exploitation. Attackers can craft a malicious URL file that, when imported through the File Import Import...

Exploit for CVE-2026-39816

Apache NiFi CVE-2026-39816 POC Proof-of-concept demonstration...

CVE-2026-7279 eMPIA Technology｜AVACAST - DLL Hijacking

AVACAST developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a malicious DLL in a specific directory, resulting in arbitrary code execution with system privileges when the system loads the DLL...

CVE-2026-40973

A local attacker on the same host as the application may be able to take control of the directory used by ApplicationTemp. When server.servlet.session.persistent is set to true and the attack persists across application restarts, this may allow the attacker to read session information and hijack...

Oracle VM VirtualBox Core Component Memory Corruption Vulnerability (CNVD-2026-18426)

Oracle VM VirtualBox is a desktop virtualization software developed by Oracle to create and run virtual machines on host operating systems. A memory corruption vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle memory...

CVE-2026-25917

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

CVE-2026-30898

An example of BashOperator in Airflow documentation suggested a way of passing dagrun.conf in the way that could cause unsanitized user input to be used to escalate privileges of UI user to allow execute code on worker. Users should review if any of their own DAGs have adopted this incorrect advi...

EUVD-2026-23658

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

MAL-2026-2836 Malicious code in restasv3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8b1f1a7427290168b0acaa2bd682cb33a9d3384eb9f0ea95d2bbd295152bfff7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

CVE-2026-6348

WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine as well as on all hosts within the environment where the agent is installed...

CVE-2026-6348

WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine as well as on all hosts within the environment where the agent is installed...

CVE-2026-4134

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute code with elevated privileges...

EUVD-2026-22581

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

Windows Graphics Component Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally...

CVE-2026-4345

CVE-2026-4345 describes a stored XSS flaw in Autodesk Fusion desktop: a malicious design name, when exported to CSV, can execute in the app’s process context and read local files. Affected: Fusion desktop application; vulnerability arises from stored payload in design names. CVSS base metrics ind...

CVE-2026-4369 Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Variant Name

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

PT-2026-32851

CVE-2026-32199 | Microsoft 365 Apps for Enterprise | Remote Code Execution Description Use-after-free vulnerability in Microsoft Office Excel allows unauth attacker to achieve RCE locally by tricking user into opening malicious Excel file. Severity: High Exploitation: Unknown Public PoC: Unknown...