CVE-2026-22619

Eaton Intelligent Power Protector IPP is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on th...

CVE-2026-22619

Eaton IPP is affected by insecure library loading in its executable, enabling arbitrary code execution if an attacker obtains the software package. The issue is mitigated by a fix available in the latest Eaton IPP version on Eaton’s download center. The public reports consistently describe the ro...

EUVD-2026-23145

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

EUVD-2026-23166

MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code...

CVE-2026-6350

MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code...

CVE-2026-40504

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

CVE-2026-6363

A type confusion flaw was found in the V8 component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=495751197...

CVE-2026-6348

WinMatrix agent by Simopro Technology is affected by a Missing Authentication vulnerability. The CVE-2026-6348 issue allows authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine and on all hosts in the environment where the agent is installed. Credent...

CVE-2026-40504

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

CVE-2026-40504

CVE-2026-40504 affects Creolabs Gravity prior to 0.9.6. A heap buffer overflow in gravity_vm_exec can be triggered by scripts containing many string literals at global scope, with insufficient bounds checking in gravity_fiber_reassign() that can corrupt heap metadata and lead to arbitrary code ex...

PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code

Summary The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. The blocklist implemented in PluginSecurity.validateplugincode is incomplete and can be bypassed using several Python constructs that are not checked. An...

Arbitrary Code Injection

Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Arbitrary Code Injection via the PhpHelper::parseArrayToString process. An attacker can execute arbitrary PHP code as the web server user by injecting specially crafted input into...

PT-2026-33382

Impact Up to 1.0.0 of home-assitant-cli or hass-cli for short an unrestricted environment was used to handle Jninja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no restrictions. This gave users access to Python's internals and...

IBM Langflow Desktop Deserialization Vulnerability

IBM Langflow Desktop is an AI process orchestration desktop application from International Business Machines IBM. A deserialization vulnerability exists in IBM Langflow Desktop versions 1.8.2 and earlier. The vulnerability stems from an insecure default setting that allows deserialization of...

PT-2026-33221

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity vm exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravity fiber reassi...

Google Chrome Codecs Component Memory Misreference Vulnerability (CNVD-2026-17817)

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in the Google Chrome Codecs component, which can be exploited by an attacker to execute arbitrary code in a sandbox via specially crafted HTML pages...

Snowflake Cortex Code CLI 安全漏洞

Snowflake Cortex Code CLI is an open-source command-line development tool provided by Snowflake. Versions of Snowflake Cortex Code CLI prior to 1.0.25 contained security vulnerabilities. These vulnerabilities were due to improper validation of bash commands, which could allow attackers to execute...

RockyLinux 10 : openexr (RLSA-2026:7682)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:7682 advisory. openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing CVE-2026-27622 Tenable has extracted the preceding description block...

RHEL 8 : libarchive (RHSA-2026:8521)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8521 advisory. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660...

Google Chrome PDFium Component Heap Buffer Overflow Vulnerability

Google Chrome is a web browser from Google, an American company. A heap buffer overflow vulnerability exists in the PDFium component of Google Chrome, which can be exploited by an attacker to execute arbitrary code in the sandbox via specially crafted PDF files...