CVE-2026-9045

During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges...

Important: Red Hat Security Advisory: libyang security update

An update for libyang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob

A flaw was found in libyang, a YANG data modeling language library. An integer overflow in the lybreadstring function can lead to a heap buffer overflow when parsing a maliciously crafted LYB binary blob. A remote attacker, by supplying this malicious LYB data to any libyang consumer such as a...

USN-8130-3 gst-plugins-base1.0 vulnerability

USN-8130-1 fixed a vulnerability in GStreamer Base Plugins. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: It was discovered that GStreamer Base Plugins incorrectly handled certain AVI media files. A remote attacker could use this issue to cause...

Important: Red Hat Security Advisory: compat-libtiff3 security update

An update for compat-libtiff3 is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Exploit for CVE-2026-48962

Summary An eval injection vulnerability in File::GlobMappe...

poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

MGASA-2026-0184 Updated wireshark packages fix security vulnerabilities

Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer, which could result in denial of service or the execution of arbitrary code. This update fixes the reported issue...

CVE-2026-46432

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trustremotecode=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no...

CVE-2026-41003

An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters. Affected versions: Spring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10;...

RHEL 8 : flatpak (RHSA-2026:25068)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25068 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...

PT-2026-48540

Due to the combination of checking out PR head branches attacker-controlled, reading .mcp.json from the working directory via default setting sources, and unconditionally enabling all project MCP servers via enableAllProjectMcpServers, it was possible for an attacker who opened a PR containing a...

ROS-20260610-73-0024

The vulnerability in Thunderbird is related to errors in data type mixing. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

ASUS MyASUS Origin Validation Error Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of ASUS MyASUS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ASUS Software Manage...

PT-2026-48454

A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code with elevated privileges...

EulerOS 2.0 SP13 : libtiff (EulerOS-SA-2026-2343)

According to the versions of the libtiff packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile...

Debian dsa-6334 : gir1.2-poppler-0.18 - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6334 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6334-1 [email protected]...

EUVD-2026-35873

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trustremotecode=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no...

CVE-2026-46432 LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trustremotecode=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no...

CVE-2026-46432

CVE-2026-46432 (LMDeploy) affects lmdeploy