CVE-2026-44088

SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream reading from the beginning of the file, but loads classes using class JarFile/URLClassLoader reading the Central Directory from the end. It can lead to remote code execution by allowing an attacker to combine ...

CVE-2026-44088

SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream reading from the beginning of the file, but loads classes using class JarFile/URLClassLoader reading the Central Directory from the end. It can lead to remote code execution by allowing an attacker to combine ...

CVE-2026-44088 Remote Code Execution in SzafirHost

SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream reading from the beginning of the file, but loads classes using class JarFile/URLClassLoader reading the Central Directory from the end. It can lead to remote code execution by allowing an attacker to combine ...

EUVD-2026-30512

SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream reading from the beginning of the file, but loads classes using class JarFile/URLClassLoader reading the Central Directory from the end. It can lead to remote code execution by allowing an attacker to combine ...

CVE-2026-44088 Remote Code Execution in SzafirHost

SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream reading from the beginning of the file, but loads classes using class JarFile/URLClassLoader reading the Central Directory from the end. It can lead to remote code execution by allowing an attacker to combine ...

CVE-2026-44088

SzafirHost is affected by a remote code execution vulnerability where the code verifies the signature of a downloaded JAR with JarInputStream (from the file start) but loads classes using JarFile/URLClassLoader (reading from the end of the Central Directory). An attacker can combine a genuine, si...

Vulnerabilities managed in Ivanti Endpoint Manager

Ivanti has addressed several vulnerabilities in Ivanti Endpoint Manager, specifically in the core server, the agent, and the web console components. These vulnerabilities concern various aspects of Ivanti Endpoint Manager. First, a remotely authenticated attacker can exploit a vulnerable method t...

CVE-2025-54517

Out of bounds write in AMD AMDGVCMDGETDIAGDATA ioctl handler could allow a local user to escalate privileges via remote code execution...

CVE-2025-54517

Out of bounds write in AMD AMDGVCMDGETDIAGDATA ioctl handler could allow a local user to escalate privileges via remote code execution...

EUVD-2025-209879

Out of bounds write in AMD AMDGVCMDGETDIAGDATA ioctl handler could allow a local user to escalate privileges via remote code execution...

CVE-2025-54517

CVE-2025-54517: Out of bounds write in the AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote code execution. Affected component: AMD graphics driver/kernel ioctl path (AMDGV_CMD_GET_DIAG_DATA). Root cause: out-of-bounds write in the ioctl handler...

Exploit for CVE-2026-42945

CVE-2026-42945 — NGINX Rewrite Module Heap Buffer Overflow → R...

CVE-2026-31237

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 through its predict method. When a user provides a dataset file path to the predict method, the framework automatically determines the file format. If the file is a pickle .pkl file, it is loaded using...

CVE-2026-44193

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsense.restoreconfigsection fails to sanitize user supplied input leading to Remote Code Execution. This vulnerability is fixed in 26.1.7...

CVE-2026-31233

Guardrails AI thru 0.6.7 contains a code injection vulnerability CWE-94 in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the postinstall...

CVE-2026-31234

Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...

CVE-2026-31235

The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pickle module to deserialize data received via a multiprocessing queue in the augmentimagesworker method without any safety...

CVE-2026-31232

The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its model loading process. When loading model files .pt from a user-specified directory via the --modeldir argument, the code uses torch.load without...

nginx-rift-private-lab

NGINX Rift RCE Proof of concept for CVE-2026-42945, a cri...

PT-2026-41320

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supports a run command that directly executes OS commands with no user confirmation, sanitization, or...