📄 Espanso 2.3.0 Configuration Injection

This Python script is a configuration manipulation tool for Espanso version 2.3.0 that modifies its YAML configuration file base.yml to add new text triggers capable of executing system commands via shell or script extensions...

PT-2026-45371

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.2 Description A bug in the XCom PATCH endpoint "PATCH /api/v2/xcomEntries/key" allows an authenticated UI/API user with XCom write permission on a Dag to set XCom entries using reserved key names, such as...

PT-2026-45578

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A heap buffer overflow exists in multiple functions within sdp discovery.cc. This flaw allows for remote code execution in proximal or adjacent network environments without requiring addition...

PUB-A-472711335

In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-45442

A critical Remote Code Execution RCE vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3...

Poly Voice – Possible Remote Control of Certain Poly Devices

In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform. HP Poly recommends admins disable ICE connectivity when not required...

PUB-A-481311295

In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-45420

Name of the Vulnerable Software and Affected Versions HP Poly VVX 150 HP Poly VVX 250 HP Poly VVX 350 HP Poly VVX 450 HP Poly Trio 8300 HP Poly Trio 8500 HP Poly Trio 8800 Description An unauthenticated stack-based buffer overflow exists in HP Poly Voice products on the Linux platform during the...

PUB-A-449160232

In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

ASB-A-447536200

In multiple functions of sdpdiscovery.cc, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to remote proximal/adjacent code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

PUB-A-479911219

In IntfGraphCreate of intfgraph.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

PUB-A-480123693

In multiple functions of VideoRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

IBM WebSphere Application Server（WAS） 代码问题漏洞

IBM WebSphere Application Server is an enterprise-level Java application server, primarily used for deploying and managing Java EE applications. There are security vulnerabilities in IBM WebSphere Application Server. These vulnerabilities stem from the SAML Web Single Sign-On component, which fai...

IBM WebSphere Application Server（WAS） 代码注入漏洞

IBM WebSphere Application Server is an enterprise-level Java application server, primarily used for deploying and running Java enterprise applications. IBM WebSphere Application Server has a security control bypass vulnerability. This vulnerability stems from the improper implementation of securi...

PT-2026-45543

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 8.5 IBM WebSphere Application Server version 9.0 Description Remote code execution is possible due to the bypass of security controls. Recommendations At the moment, there is no information about a newe...

PT-2026-45545

IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain...

PT-2026-45373

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions prior to 5.19.7 Apache ActiveMQ Broker versions 6.0.0 through 6.2.5 Apache ActiveMQ All versions prior to 5.19.7 Apache ActiveMQ All versions 6.0.0 through 6.2.5 Apache ActiveMQ versions prior to 5.19.7 Apache...

Apache ActiveMQ 安全漏洞

Apache ActiveMQ is an open-source messaging middleware developed by the Apache Foundation in the United States. It supports Java Message Service, clustering, Spring Framework, etc. There is a security vulnerability in Apache ActiveMQ. This vulnerability stems from the default access policy of the...

PUB-A-449726527

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

PUB-A-481652714

In ParsePayloads of AudioSdpParser.cpp, there is a possible memory corruption due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...