31178 matches found
CVE-2024-36057
CVE-2024-36057 affects Koha Library prior to 23.05.10. The vulnerability stems from insufficient sanitization of user-controlled filenames before unzipping, allowing command injection via the shell in the unzip invocation within upload-cover-image.pl (example: the code executes qx/unzip $filename...
Google Chrome Security Vulnerability
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.55 contained a security vulnerability. This vulnerability stemmed from insufficient policy enforcement in the browser's UI, allowing remote attackers who had already compromised the renderer process to...
freerdp security update
2:2.11.7-6 - Fix use of nscprocessmessage Resolves: RHEL-155984 2:2.11.7-5 - Backport several CVE fixes Resolves: RHEL-147954, RHEL-147955, RHEL-147970, RHEL-147977, RHEL-147980 Resolves: RHEL-148002, RHEL-148014, RHEL-148031, RHEL-148906, RHEL-148996 Resolves: RHEL-149007, RHEL-149056, RHEL-1559...
Oracle Linux 10 : freerdp (ELSA-2026-6799)
The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6799 advisory. 2:3.10.3-5.5 - Fix use of nscprocessmessage - Increase timeout for TestSynchCritical Resolves: RHEL-155979 2:3.10.3-5.4 - Backport several CVE fixes...
VMware Workstation 17.x, 25H2 < 25H2u1 Multiple Vulnerabilities (VMSA-2026-0002)
The version of VMware Workstation installed on the remote host is 17.x, 25H2.x prior to 25H2u1. It is, therefore, affected by multiple vulnerabilities. - VMware Workstation and Fusion contain a logic flaw in the management of network packets. A malicious actor with administrative privileges on a...
Why Every Enterprise Needs a Risk Operations Center (ROC)
Enterprise security has long optimized for speed of response over prevention of risk. At Qualys, we recognized early that this left half the problem unsolved, and we have spent years building the operational frameworks to close that gap. The Risk Operations Center is the result. Here is a scenari...
CVE-2026-34778
A flaw was found in Electron, a framework for building desktop applications. A service worker running in a session could spoof reply messages on the internal Inter-Process Communication (IPC) channel. This vulnerability affects applications that have service workers registered and use the results o...
SQL Injection
Overview glpi/glpi is a free Asset and IT Management Software package with ITIL Service Desk, licenses tracking and software auditing. Affected versions of this package are vulnerable to SQL Injection via the Search process. An attacker can execute arbitrary SQL commands on the underlying databas...
MAL-2026-2526 Malicious code in request-js-validator (npm)
Copy of 'request' library with injected payload. Spawns detached child process that fetches stage-2 and executes via new Function.constructor('require', payload). Same pattern as express-session-js. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
CVE-2026-5554
A security flaw has been discovered in code-projects Concert Ticket Reservation System 1.0. Affected by this issue is some unknown functionality of the file /ConcertTicketReservationSystem-master/processsearch.php of the component Parameter Handler. Performing a manipulation of the argument...
BIT-NODE-MIN-2026-21712
A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process...
OpenAirInterface Security Vulnerability
OpenAirInterface is a mobile communication network software platform developed by the French company OpenAirInterface. OpenAirInterface V2.2.0 contains a security vulnerability. This vulnerability arises from AMF crashing when receiving NGAP messages that contain invalid process codes or invalid...
SandboxJS Security Vulnerability
SandboxJS is a security assessment tool developed by nyariv. Versions of SandboxJS prior to 0.8.36 contained a security vulnerability; this vulnerability stemmed from infinite recursion in the parser, which could lead to process crashes...
PT-2026-30657
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overfl...
PT-2026-35850
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.138 Description A use after free issue exists in WebMIDI. This allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a specially...
EUVD-2019-20058
Remote Process Explorer 1.0.0.16 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by sending a crafted payload to the Add Computer dialog. Attackers can paste a malicious string into the computer name textbox and trigger a crash by connecting to th...
CVE-2019-25661
Remote Process Explorer 1.0.0.16 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by sending a crafted payload to the Add Computer dialog. Attackers can paste a malicious string into the computer name textbox and trigger a crash by connecting to th...
CVE-2019-25661
Remote Process Explorer 1.0.0.16 is affected by a local buffer overflow in the Add Computer dialog. A crafted string pasted into the computer name textbox can crash the added computer by overwriting the SEH chain, causing denial of service. The issue is local, with low attack complexity and no pr...