AZL-79517 CVE-2026-3713 affecting package libpng12 1.2.57-16

A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function dopnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. The attack is restricted to local...

AZL-79520 CVE-2026-3713 affecting package libpng15 1.5.30-15

A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function dopnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. The attack is restricted to local...

CVE-2026-3713

A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function dopnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. The attack is restricted to local...

PT-2026-23921

Name of the Vulnerable Software and Affected Versions libpng versions up to 1.6.55 Description A heap-based buffer overflow exists in the do pnm2png function within the pnm2png.c file of the pnm2png component. The issue is triggered by manipulating the width and height arguments. Exploitation is...

CVE-2026-3664

A vulnerability was determined in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::compounddocument::readdirectory of the file source/detail/cryptography/compounddocument.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to out-of-bounds rea...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the xlnt::detail::binarywriter::append function in the Compound Document Parser process. An attacker can cause a heap-based buffer overflow by providing specially crafted input to this function during loca...

GHSA-5V6X-RFC3-7QFR OpenClaw has Windows system.run approval mismatch on cmd.exe /c trailing arguments

Summary A Windows system.run approval-integrity mismatch in the cmd.exe /c path could allow trailing arguments to execute while approval/audit text reflected only a benign command string. This requires an authenticated operator context using the approvals flow and a trusted Windows node. Affected...

CVE-2026-3392

A weakness has been identified in FascinatedBox lily up to 2.3. The affected element is the function evaltree of the file src/lilyemitter.c. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been made available to the public and could ...

CVE-2026-3392

A weakness has been identified in FascinatedBox lily up to 2.3. The affected element is the function evaltree of the file src/lilyemitter.c. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been made available to the public and could ...

PT-2026-22514

Name of the Vulnerable Software and Affected Versions FascinatedBox lily versions prior to 2.3 Description A flaw exists in FascinatedBox lily, specifically within the eval tree function of the src/lily emitter.c file, leading to a null pointer dereference. This issue is exploitable locally. The...

CVE-2026-1585

An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows versions 1.1.2 through 1.5.0 may allow a local attacker to execute a malicious file with the privileges of the affected service...

Canon IJ Scan Utility 安全漏洞

Canon IJ Scan Utility is a scanner management software developed by the Japanese company Canon. Versions 1.1.2 to 1.5.0 of Canon IJ Scan Utility contain security vulnerabilities. These vulnerabilities stem from the unquoted Windows service executable path, which may allow local attackers to execu...

CVE-2026-1585

An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows versions 1.1.2 through 1.5.0 may allow a local attacker to execute a malicious file with the privileges of the affected service...

📄 Windows Notepad Markdown Link Code Execution

The Windows Notepad App Microsoft Store version fails to properly validate protocol handlers in markdown links. When a user Ctrl+Click on a crafted link in a .md file, Notepad passes the raw URI to ShellExecuteExW without sufficient filtering. This allows execution of arbitrary binaries in two...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the SQFuncState::PopTarget function in the file sqfuncstate.cpp. An attacker can cause an out-of-bounds read by manipulating the targetstack argument during local execution. Remediation There is no fixed version f...

CVE-2026-2492 TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target syste...

PT-2026-20518

Saturn Remote Mouse Server contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending specially crafted UDP JSON frames to port 27000. Attackers on the local network can send malformed packets with unsanitized command data that the...

CVE-2019-25309

Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that wil...

📄 Qualys Security Advisory - GHOST glibc gethostbyname Buffer Overflow

During a code audit performed internally at Qualys, they discovered a buffer overflow in the nsshostnamedigitsdots function of the GNU C Library glibc. This bug is reachable both locally and remotely via the gethostbyname functions, so we decided to analyze it -- and its impact -- thoroughly, and...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: binutils (UTSA-2026-005332)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005332 advisory. A flaw has been found in GNU Binutils 2.45. Impacted is the function bfdelfparseehframe of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulatio...