BorG SPM 代码问题漏洞

BorG SPM is a software platform developed by BorG in Taiwan, China, used for system performance monitoring and resource management analysis. The BorG SPM 2007 version has a code vulnerability that stems from arbitrary file uploads. This vulnerability could allow unauthorized remote attackers to...

Froxlor 安全漏洞

Froxlor is a set of lightweight server management software developed by the Froxlor team. Versions of Froxlor prior to 2.3.6 contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation for the deflanguage parameter in the API endpoints Customers.update and...

PT-2026-34650

Borg SPM 2007 Sales Ended in 2008 developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

PT-2026-34642

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

Luanti 代码注入漏洞

Luanti is an open-source voxel game engine developed by Luanti itself, supporting mods and game creation. Versions of Luanti from 5.0.0 to 5.15.2 had a code injection vulnerability. This vulnerability stemmed from the ability of malicious mods to escape the sandbox Lua environment, potentially...

ktransformers 代码问题漏洞

KTransformers is an open-source framework for CPU-GPU heterogeneous large-scale inference and fine-tuning developed by kvcache.ai. Versions of KTransformers 0.5.3 and earlier contained code vulnerabilities. These vulnerabilities stemmed from insecure deserialization in the balanceserve backend...

PT-2026-34741

Name of the Vulnerable Software and Affected Versions LeRobot versions prior to 0.6.0 Description An unsafe deserialization issue exists in the asynchronous inference pipeline of the policy server and robot client components. The software uses the pickle.loads function to deserialize data receive...

RHEL 8 : freerdp (RHSA-2026:10076)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:10076 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...

PT-2026-34767

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW BUNDLED HOOKS DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted default-on bundled hooks from untrusted workspaces to execute arbitrary code...

PT-2026-34599

PySpector is a static analysis security testing SAST Framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. Prior to version 0.1.8, the blocklist implemented in...

Debian dla-4546 : firefox-esr - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4546 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4546-1 [email protected]...

RockyLinux 8 : OpenEXR (RLSA-2026:8863)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:8863 advisory. openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing CVE-2026-27622 Tenable has extracted the preceding description block direct...

kernel: Linux kernel: RDMA/rxe use-after-free vulnerability leading to potential arbitrary code execution

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA subsystem, specifically within the rxe component. This use-after-free vulnerability occurs in the rxecreatecq function. When the rxecqfrominit function fails, the subsequent call to rxecleanup attempts to free memory resource...

CVE-2026-31500

A flaw was found in the Linux kernel's Bluetooth subsystem. A race condition exists in the Intel Bluetooth driver, where two functions can access the same memory concurrently without proper synchronization. This can lead to a use-after-free vulnerability, allowing a local attacker to potentially...

CVE-2026-34632

Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged local attacker could have exploited this vulnerability by manipulating the search path used by the...

CVE-2026-41468 Beghelli Sicuro24 SicuroWeb AngularJS Sandbox Escape via Template Injection

Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript executi...

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

Important: Red Hat Security Advisory: OpenJDK 11.0.31 ELS Security Update for Portable Linux Builds

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...

EUVD-2026-24752

A flaw was found in InstructLab. The linuxtrain.py script hardcodes trustremotecode=True when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run ilab train/download/generate with a specially crafted malicious model...

GHSA-XFXP-PPX7-CQRP camel-infinispan Vulnerable to Deserialization of Untrusted Data

A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to...