📄 Langflow 1.3.0 Remote Code Execution

Langflow contains a remote code execution caused by inclusion of functionality from untrusted control sphere in the execglobals parameter at the validate endpoint, letting remote attackers execute arbitrary code as root, exploit requires no authentication. Exploit Title: Langflow 1.3.0 - Remote...

Linux Distros Unpatched Vulnerability : CVE-2026-9968

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

Remote Spark SparkView 安全漏洞

Remote Spark SparkView is a browser-based client software developed by Remote Spark, enabling remote desktop and terminal access. Versions of Remote Spark SparkView prior to build 1127 contained security vulnerabilities. These vulnerabilities stemmed from path traversal in RDP driver redirection,...

Linux Distros Unpatched Vulnerability : CVE-2026-9969

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted...

Linux Distros Unpatched Vulnerability : CVE-2026-9999

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in ANGLE in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a...

Linux Distros Unpatched Vulnerability : CVE-2026-10015

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in WTF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

Veeam Service Provider Console 9.x < 9.2.1.33875 RCE (KB4853)

The version of Veeam Service Provider Console installed on the remote Windows host is prior to 9.2.1.33875. It is, therefore, affected by a remote code execution vulnerability: - A vulnerability in Veeam Service Provider Console allows for remote code execution. CVE-2026-32998 Note that Nessus ha...

Linux Distros Unpatched Vulnerability : CVE-2026-9883

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Base in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security...

Linux Distros Unpatched Vulnerability : CVE-2026-9973

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

SUSE SLES15 Security Update : php7 (SUSE-SU-2026:2091-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2091-1 advisory. This update for php7 fixes the following issues - CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code...

SUSE SLES15 Security Update : redis (SUSE-SU-2026:2099-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2099-1 advisory. This update for redis fixes the following issues - CVE-2026-23479: use-after-free in unblock client flow may lead to remote code...

📄 MixPHP Framework 2.2.17 Deserialization / Arbitrary Code Execution

MixPHP Framework versions 2.x through 2.2.17 suffer from an insecure deserialization vulnerability that allows for remote code execution. Exploit Title: MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution Date: 2026-05-14 Exploit Author: cardosource Vendor Homepage:...

📄 Casdoor 3.54.1 Arbitrary File Write / Path Traversal

Casdoor versions prior to 3.54.1 suffer from an arbitrary file write vulnerability via a path traversal. This can result in remote code execution via a shell upload or ssh key injection. Exploit Title: Casdoor 3.54.1 - Arbitrary File Write via Path Traversal Date: 2026-05-11 Exploit Author: sixpa...

PT-2026-44855

manga-image-translator contains a remote code execution vulnerability in the shared API server mode due to unsafe deserialization of untrusted pickle data in the share.py module, where the /execute/method name and /simple execute/method name endpoints deserialize attacker-controlled HTTP request...

Trilium Notes 安全漏洞

Trilium Notes is a hierarchical note application developed by Zadam, a personal developer. It focuses on building large personal knowledge bases. Versions of Trilium Notes prior to 0.102.2 contained a security vulnerability. This vulnerability stemmed from the import of malicious ZIP archives whe...

Samba Unauthenticated Remote Code Execution

The printing subsystem of Samba suffers from an unauthenticated remote code execution vulnerability. Samba 4.22.10, 4.23.8 and 4.24.3 have been issued as security releases to correct the defect...

ROS-20260529-73-0026

The vulnerability of the JSONSCHEMAVALID function in the MariaDB database management system is related to buffer overflows in dynamic memory. Exploiting this vulnerability can allow an attacker to cause service interruptions and execute arbitrary code by sending a specially crafted JSON file...

SUSE SLES15 Security Update : redis7 (SUSE-SU-2026:2100-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2100-1 advisory. This update for redis7 fixes the following issues - CVE-2026-23631: Lua use-after-free via the master-replica synchronization...

Linux Distros Unpatched Vulnerability : CVE-2026-9960

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code...

Linux Distros Unpatched Vulnerability : CVE-2026-10006

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Race in WebAudio in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium...