
54379 matches found

Cvelist
added 2026/04/03 4:30 p.m., 23 views

CVE-2026-5473 NASA cFS Pickle pickle.load deserialization

A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.load of the component Pickle Module. Such manipulation leads to deserialization. The attack needs to be performed locally. The attack requires a high level of complexity. The exploitability is...

CVSS 4.5, EPSS 0.00021
Exploits: 0, References: 5

Vulnrichment
added 2026/04/03 4:30 p.m., 1 view

CVE-2026-5473 NASA cFS Pickle pickle.load deserialization

A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.load of the component Pickle Module. Such manipulation leads to deserialization. The attack needs to be performed locally. The attack requires a high level of complexity. The exploitability is...

CVSS 4.5, AI score 5, EPSS 0.00021
Exploits: 0, References: 5

CVE
added 2026/04/03 4:30 p.m., 5 views

CVE-2026-5473

CVE-2026-5473 affects NASA cFS (up to 7.0.0). The vulnerable element is the Pickle Module’s pickle.load, enabling deserialization. The attack is local, requires a high level of complexity, and exploitation is deemed difficult. Public disclosure exists, and the project was informed via an issue bu...

CVSS 7, AI score 5, EPSS 0.00021
Exploits: 0, References: 5, Affected Software: 1

NVD
added 2026/04/03 2:16 p.m., 2 views

CVE-2026-23424

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Validate command buffer payload count The count field in the command header is used to determine the valid payload size. Verify that the valid payload does not exceed the remaining buffer space...

CVSS 7.1, EPSS 0.00015
Exploits: 0, References: 3

CVE
added 2026/04/03 1:24 p.m., 8 views

CVE-2026-23418

The CVE-2026-23418 issue affects the Linux kernel component drm/xe/reg_sr. It describes a memory leak that occurs when xa_store() fails to store a newly allocated entry, leaving the entry not freed on the error path. The patched fix frees the allocated entry on error (notably via a goto fail_free...

CVSS 5.5, AI score 5.7, EPSS 0.00015
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2026/04/03 5:16 a.m., 1 view

CVE-2026-5463

Command injection vulnerability in console.run_module_with_output in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended...

CVSS 9.8, EPSS 0.00321
Exploits: 0, References: 2

CVE
added 2026/04/03 4:32 a.m., 9 views

CVE-2026-5463

The vulnerability CVE-2026-5463 affects the pymetasploit3 project (through version 1.0.6) where console.run_module_with_output() accepts newline characters in module options (e.g., RHOSTS). This can break the intended command structure and cause the Metasploit console to execute additional uninte...

CVSS 9.8, AI score 6.2, EPSS 0.00321
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2026/04/03 4:32 a.m., 2 views

CVE-2026-5463

Command injection vulnerability in console.run_module_with_output in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended...

CVSS 9.3, AI score 6.2, EPSS 0.00321
Exploits: 0, References: 2

ATTACKERKB
added 2026/04/03 4:30 a.m., 2 views

CVE-2026-5453

A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENT_WRITE_KEY leads ...

CVSS 4.8, AI score 5.3, EPSS 0.00005
Exploits: 0, References: 4, Affected Software: 1

CVE
added 2026/04/03 4:30 a.m., 8 views

CVE-2026-5453

Summary: CVE-2026-5453 affects the Android app “Rico só vantagem pra investir” up to version 4.58.32.12421. The vulnerability concerns the component br.com.rico.mobile SegmentSettingsModule.java, where manipulation of the argument SEGMENT_WRITE_KEY leads to use of a hard-coded cryptographic key. ...

CVSS 4.8, AI score 5.3, EPSS 0.00005
Exploits: 0, References: 4

EUVD
added 2026/04/03 3:47 a.m., 0 views

EUVD-2026-18336

OpenSTAManager: SQL Injection via Aggiornamenti Module...

CVSS 8.8, AI score 6, EPSS 0.00039
Exploits: 1, References: 4

OSV
added 2026/04/03 3:47 a.m., 1 view

GHSA-2FR7-CC4F-WH98 OpenSTAManager: SQL Injection via Aggiornamenti Module

Description The Aggiornamenti Updates module in OpenSTAManager query'SET FOREIGNKEYCHECKS=0'; // Line 69: FK checks DISABLED $errors = ; $executed = 0; foreach $queries as $query try $dbo-query$query; // Line 76: DIRECT EXECUTION ++$executed; catch Exception $e $errors = $query.' - '.$e-getMessag...

CVSS 8.8, AI score 6.4, EPSS 0.00039
Exploits: 1, References: 5

GitHub Security Blog
added 2026/04/03 3:47 a.m., 11 views

OpenSTAManager: SQL Injection via Aggiornamenti Module

Description The Aggiornamenti Updates module in OpenSTAManager query'SET FOREIGNKEYCHECKS=0'; // Line 69: FK checks DISABLED $errors = ; $executed = 0; foreach $queries as $query try $dbo-query$query; // Line 76: DIRECT EXECUTION ++$executed; catch Exception $e $errors = $query.' - '.$e-getMessag...

CVSS 8.8, AI score 6.5, EPSS 0.00039
Exploits: 1, References: 5, Affected Software: 1

CNNVD
added 2026/04/03 12:00 a.m., 3 views

Core Flight System (cFS) code issue vulnerability

Core Flight System (cFS) is a generic flight software architecture framework open-sourced by NASA, used for flagship spacecraft, manned spacecraft, cube satellites, and Raspberry Pi devices. Versions of Core Flight System (cFS) 7.0.0 and earlier contained code vulnerabilities. These vulnerabilities...

CVSS 7, AI score 5.9, EPSS 0.00021
Exploits: 0, References: 5

Positive Technologies
added 2026/04/03 12:00 a.m., 5 views

PT-2026-29986

A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENT_WRITE_KEY lead...

CVSS 4.8, AI score 5.3, EPSS 0.00005
Exploits: 0, References: 5

Tenable Nessus
added 2026/04/03 12:00 a.m., 12 views

LiteLLM 1.82.7 / 1.82.8 Supply Chain Compromise (GHSA-5mg7-485q-xm76)

The version of the LiteLLM Python package installed on the remote host is 1.82.7 or 1.82.8. These versions were published to PyPI by a threat actor known as TeamPCP using compromised maintainer credentials obtained through the Aqua Security Trivy supply chain attack. The malicious releases contai...

CVSS 9.4, AI score 6.3, EPSS 0.23896
Exploits: 2, References: 4

CNNVD
added 2026/04/03 12:00 a.m., 5 views

Belden Hirschmann HiOS and Belden Hirschmann HiSecOS authorization issue vulnerability

Belden Hirschmann HiOS and Belden Hirschmann HiSecOS are both products of the American company Belden. Belden Hirschmann HiOS is an industrial Ethernet switch operating system. Belden Hirschmann HiSecOS is an industrial network security device operating system. There are authorization-related...

CVSS 9.8, AI score 5.8, EPSS 0.00011
Exploits: 0, References: 2

CNNVD
added 2026/04/03 12:00 a.m., 5 views

emlog cross-site scripting vulnerability

Emlog is an open-source CMS website building system based on PHP and MySQL. Versions of Emlog prior to 2.6.8 had a cross-site scripting vulnerability. This vulnerability stemmed from a storage-based cross-site script in the comment module, which could lead to cross-site scripting attacks...

CVSS 6.1, AI score 5.6, EPSS 0.00015
Exploits: 1, References: 2

Tenable Nessus
added 2026/04/03 12:00 a.m., 4 views

AlmaLinux 9 : kernel (ALSA-2026:6153)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:6153 advisory. kernel: Linux kernel: Use-After-Free vulnerability in ATM subsystem CVE-2025-38180 kernel: drm/sched: Fix potential double free in...

CVSS 8.8, AI score 6.2, EPSS 0.00061
Exploits: 0, References: 10

Positive Technologies
added 2026/04/03 12:00 a.m., 1 view

PT-2026-30197

Name of the Vulnerable Software and Affected Versions: NASA cFS versions prior to 7.0.0. Description: A deserialization issue exists in the Pickle Module within the pickle.load function. This flaw allows for manipulation through local access, although the attack requires a high level of complexity a...

CVSS 7, AI score 5.7, EPSS 0.00021
Exploits: 0, References: 7