CVE-2026-22619

Eaton Intelligent Power Protector IPP is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on th...

Delta Electronics ASDA-Soft

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact...

CVE-2026-22619

Eaton IPP is affected by insecure library loading in its executable, enabling arbitrary code execution by an attacker with access to the software package. The issue has been fixed in the latest Eaton IPP version available via the Eaton download center. Practitioner takeaway: verify that IPP insta...

CVE-2026-22619

Eaton Intelligent Power Protector IPP is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on th...

EUVD-2026-23145

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

EUVD-2026-23166

MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code...

CVE-2026-6350

MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code...

CVE-2026-40504

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

CVE-2026-6363

A type confusion flaw was found in the V8 component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=495751197...

CVE-2026-6348

WinMatrix agent by Simopro Technology is affected by a Missing Authentication vulnerability. The CVE-2026-6348 issue allows authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine and on all hosts in the environment where the agent is installed. Credent...

CVE-2026-40504

CVE-2026-40504 affects Creolabs Gravity prior to 0.9.6. A heap buffer overflow in gravity_vm_exec can be triggered by scripts containing many string literals at global scope, with insufficient bounds checking in gravity_fiber_reassign() that can corrupt heap metadata and lead to arbitrary code ex...

CVE-2026-40504

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code

Summary The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. The blocklist implemented in PluginSecurity.validateplugincode is incomplete and can be bypassed using several Python constructs that are not checked. An...

Arbitrary Code Injection

Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Arbitrary Code Injection via the PhpHelper::parseArrayToString process. An attacker can execute arbitrary PHP code as the web server user by injecting specially crafted input into...

Snowflake Cortex Code CLI 安全漏洞

Snowflake Cortex Code CLI is an open-source command-line development tool provided by Snowflake. Versions of Snowflake Cortex Code CLI prior to 1.0.25 contained security vulnerabilities. These vulnerabilities were due to improper validation of bash commands, which could allow attackers to execute...

Simopro WinMatrix 安全漏洞

Simopro WinMatrix is an industrial control software developed by Simopro Company in Taiwan, China. Simopro WinMatrix has a security vulnerability that stems from the lack of authentication, which may allow for the execution of arbitrary code...

Gravity 安全漏洞

Gravity is a powerful, dynamically typed, lightweight, and embeddable programming language developed by Marco Bambini individually. It is used for procedural programming, object-oriented programming, functional programming, and data-driven programming. Versions of Gravity prior to 0.9.6 contained...

PT-2026-33248

Name of the Vulnerable Software and Affected Versions WinMatrix agent affected versions not specified Description A missing authentication flaw allows authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine. This issue can lead to privilege escalation...

PT-2026-33221

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity vm exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravity fiber reassi...

RHEL 8 : libarchive (RHSA-2026:8521)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8521 advisory. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660...