252365 matches found

EUVD
added 2026/05/18 12:0 a.m., 10 views

EUVD-2026-30773

Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrar...

6.6 AI score, 0.00318 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/05/18 12:0 a.m., 7 views

FacturaScripts input validation error vulnerability

FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to 2026 contained a vulnerability related to input validation errors. This vulnerability stemmed from the Plugins::add function not properly verifying the file paths in...

7.2 CVSS, 6.2 AI score, 0.00522 EPSS
Exploits: 0, References: 1

CVE
added 2026/05/18 12:0 a.m., 15 views

CVE-2026-26462

CVE-2026-26462 affects Offline Hospital Management System 5.3.0. The root cause is an improper Electron renderer configuration that enables Node.js integration while disabling context isolation, allowing JavaScript in the renderer to access Node.js APIs and execute arbitrary operating system comm...

7.3 CVSS, 6.6 AI score, 0.00318 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2026/05/18 12:0 a.m., 9 views

CVE-2026-26462

Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrar...

6.6 AI score, 0.00318 EPSS
Exploits: 0, References: 2

Cvelist
added 2026/05/18 12:0 a.m., 36 views

CVE-2026-26462

Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrar...

0.00318 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/05/18 12:0 a.m., 9 views

sglang code issue vulnerability

SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. SGLang has code vulnerabilities; one of these vulnerabilities stems from the fact that the ROUTER socket, which handles multi-modal generation during runtime scheduling, is...

9.8 CVSS, 6.5 AI score, 0.00399 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2026/05/18 12:0 a.m., 10 views

Oracle Linux 10 : ruby (ELSA-2026-18065)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18065 advisory. 3.3.10-12 - Fix arbitrary code execution via deserialization bypass in ERB. CVE-2026-41316 Resolves: RHEL-171244 Tenable has extracted the preceding descripti...

8.1 CVSS, 6.4 AI score, 0.00508 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/05/18 12:0 a.m., 13 views

PT-2026-41687

Name of the Vulnerable Software and Affected Versions: Caddy versions 2.7.0 through 2.11.2. Description: The FastCGI transport's splitPos function in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses the search.IgnoreCase feature of the golang.org/x/text/search library when a request path...

8.1 CVSS, 6.1 AI score, 0.00399 EPSS
Exploits: 1, References: 9

Positive Technologies
added 2026/05/18 12:0 a.m., 12 views

PT-2026-41734

Name of the Vulnerable Software and Affected Versions: amazon-redshift-python-driver versions prior to 2.1.14. Description: Unsafe use of Python's eval function on data received from a server within the vector in function allows a rogue server or man-in-the-middle actor to execute arbitrary code on...

9.8 CVSS, 6.2 AI score, 0.00808 EPSS
Exploits: 2, References: 185

Positive Technologies
added 2026/05/18 12:0 a.m., 9 views

PT-2026-41670

Name of the Vulnerable Software and Affected Versions: SGLang (affected versions not specified). Description: The multimodal generation runtime allows unauthenticated remote code execution when the --enable-custom-logit-processor option is active. This occurs because Python objects loaded through the...

9.8 CVSS, 6.4 AI score, 0.00585 EPSS
Exploits: 0, References: 13

CNNVD
added 2026/05/18 12:0 a.m., 9 views

chroma code injection vulnerability

Chroma is an open-source AI data infrastructure tool developed by Chroma. Versions of Chroma 1.0.0 and later have a code injection vulnerability. This vulnerability stems from a pre-authentication code injection issue, allowing unauthenticated attackers to execute arbitrary code on the server by...

10 CVSS, 6.3 AI score, 0.12387 EPSS
Exploits: 2, References: 2

CNNVD
added 2026/05/18 12:0 a.m., 8 views

sglang code issue vulnerability

SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. SGLang has code vulnerabilities; these vulnerabilities arise when the --enable-custom-logit-processor option is enabled, resulting in unvalidated deserialization of Python...

9.8 CVSS, 6.2 AI score, 0.00585 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2026/05/18 12:0 a.m., 8 views

MiracleLinux 9 : gimp-3.0.4-1.el9_7.5 (AXSA:2026-630:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-630:04 advisory. gimp: GIMP: Memory disclosure and denial of service via specially crafted PCX image CVE-2026-4887 gimp: GIMP: Remote Code Execution via XPM File Parsi...

7.8 CVSS, 7.6 AI score, 0.00662 EPSS
Exploits: 1, References: 7

Tenable Nessus
added 2026/05/18 12:0 a.m., 9 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-021483)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021483 advisory. In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointer...

9.8 CVSS, 6.1 AI score, 0.00505 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2026/05/18 12:0 a.m., 15 views

PT-2026-41736

Name of the Vulnerable Software and Affected Versions: FreePBX versions prior to 16.0.71; FreePBX versions prior to 17.0.6. Description: The backup module fails to properly sanitize data during restore operations. When extracting files from a user-supplied tar archive, the system reads malicious file...

8.6 CVSS, 5.9 AI score, 0.00896 EPSS
Exploits: 0, References: 6

CERT
added 2026/05/18 12:0 a.m., 11 views

SGLang contains two remote code execution and one path traversal vulnerability

Overview: Three vulnerabilities have been discovered in the SGLang project, two enabling remote code execution (RCE), and one regarding a path traversal vulnerability. In order for an attacker to exploit these vulnerabilities, the multimodal generation mode must be enabled, and an attacker must have...

9.8 CVSS, 6.5 AI score, 0.00585 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2026/05/18 12:0 a.m., 11 views

Alibaba Cloud Linux 3 : 0106: libtiff (ALINUX3-SA-2026:0106)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0106 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-4775: A flaw was found in the libtiff...

7.8 CVSS, 6 AI score, 0.00553 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2026/05/18 12:0 a.m., 12 views

TencentOS Server 3: gimp:2.8 (TSSA-2026:0324)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0324 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

7.8 CVSS, 6.5 AI score, 0.00647 EPSS
Exploits: 1, References: 5

Tenable Nessus
added 2026/05/18 12:0 a.m., 11 views

Ivanti Virtual Traffic Manager (vTM) < 22.9R4 OS Command Injection (CVE-2026-8051)

The version of Ivanti Virtual Traffic Manager (vTM) running on the remote host is prior to 22.9R4. It is, therefore, affected by an OS command injection vulnerability: - OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin...

7.2 CVSS, 6.2 AI score, 0.01914 EPSS
Exploits: 0, References: 2

NVD
added 2026/05/17 7:16 p.m., 25 views

CVE-2026-8507

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a = 1 GiB OCTET STRING or BIT STRING attribute on a SAFEBAG, via info or infoashash, a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) du...

9.8 CVSS, 0.00648 EPSS
Exploits: 0, References: 5