Lucene search

120639 matches found

RedhatCVE
added 2026/03/06 7:51 a.m., 5 views

CVE-2026-26033

UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 contains an Unquoted Search Path or Element CWE-428 vulnerability, which allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges...

CVSS 8.4, AI score 6.9, EPSS 0.0018
Exploits 0, References 1
Debian
added 2026/03/06 6:43 a.m., 12 views

[SECURITY] [DSA 6157-1] chromium security update

Debian Security Advisory DSA-6157-1 [email protected] https://www.debian.org/security/ Andres Salomon March 05, 2026 https://www.debian.org/security/faq -...

CVSS 9.6, AI score 6, EPSS 0.00458
Exploits 0
EUVD
added 2026/03/06 6:30 a.m., 3 views

EUVD-2026-10002

Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arbitrary code execution...

CVSS 9.8, AI score 6.2, EPSS 0.00745
Exploits 0, References 5
Rockylinux
added 2026/03/06 6:5 a.m., 7 views

postgresql16 security update

An update is available for postgresql16. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL is an advanced Object-Relational database management system...

CVSS 8.8, AI score 6.3, EPSS 0.00678
Exploits 3
Rockylinux
added 2026/03/06 12:3 a.m., 3 views

postgresql security update

An update is available for postgresql. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL is an advanced object-relational database management system DBM...

CVSS 8.8, AI score 6.3, EPSS 0.00678
Exploits 3
CNNVD
added 2026/03/06 12:0 a.m., 4 views

PJSIP security vulnerability

PJSIP is a free, open-source multimedia communication library developed in C language. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Prior to version 2.17, PJSIP had a security vulnerability caused by a stack buffer overflow during the parsin...

CVSS 8.7, AI score 6.2, EPSS 0.00314
Exploits 0, References 2
CNNVD
added 2026/03/06 12:0 a.m., 3 views

GitHub Copilot CLI operating system command injection vulnerability

GitHub Copilot CLI is a terminal AI programming assistant open sourced by GitHub. Versions of GitHub Copilot CLI 0.0.422 and earlier had an operating system command injection vulnerability. This vulnerability stemmed from defects in shell security assessments, which could lead to arbitrary code...

CVSS 7.8, AI score 6.1, EPSS 0.00363
Exploits 1, References 3
Zero Day Initiative
added 2026/03/06 12:0 a.m., 3 views

Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the...

CVSS 7.8, AI score 6.2, EPSS 0.0043
Exploits 0, References 1
CNNVD
added 2026/03/06 12:0 a.m., 4 views

timescaledb code issue vulnerability

Timescaledb is an extension to the temporal database developed by Tiger Data. In versions of TimescaleDB 2.23.0 to 2.25.1, there is a code vulnerability caused by improper setting of the searchpath, which may lead to arbitrary code execution...

CVSS 8.8, AI score 6.1, EPSS 0.00136
Exploits 0, References 4
Tenable Nessus
added 2026/03/06 12:0 a.m., 4 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : ImageMagick vulnerabilities (USN-8069-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8069-1 advisory. It was discovered that ImageMagick did not properly decode certain SUN image files. An attack...

CVSS 9.8, AI score 7.4, EPSS 0.00461
Exploits 0, References 8
OpenVAS
added 2026/03/06 12:0 a.m., 2 views

SUSE: Security Advisory (SUSE-SU-2026:0800-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.9, AI score 5.8, EPSS 0.00182
Exploits 0, References 4
Tenable Nessus
added 2026/03/06 12:0 a.m., 6 views

RHEL 10 / 9 : Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update (Important) (RHSA-2026:3958)

The remote Redhat Enterprise Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3958 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

CVSS 8.2, AI score 7.3, EPSS 0.03204
Exploits 4, References 33
Tenable Nessus
added 2026/03/06 12:0 a.m., 3 views

NewStart CGSL MAIN 6.06 (SP) : util-linux Vulnerability (NS-SA-2026-0013)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has util-linux packages installed that are affected by a vulnerability: - Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. CVE-2014-9114 Note that Nessus has not tested for these issues but has instead...

CVSS 7.8, AI score 6.1, EPSS 0.00648
Exploits 0, References 3
Tenable Nessus
added 2026/03/06 12:0 a.m., 6 views

AlmaLinux 10 : postgresql16 (ALSA-2026:3887)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:3887 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...

CVSS 8.8, AI score 6.3, EPSS 0.00678
Exploits 3, References 5
CVE
added 2026/03/05 9:59 p.m., 10 views

CVE-2026-28456

OpenClaw in Gateway has a path handling flaw: configurations may pass unconstrained hook module paths to dynamic import(), enabling local module execution in the Node.js process. Affects OpenClaw 2026.1.5 prior to 2026.2.14. Exploitation requires gateway config modification access. Impact: high o...

CVSS 8.6, AI score 6.1, EPSS 0.00405
Exploits 0, References 4, Affected Software 1
Cvelist
added 2026/03/05 9:59 p.m., 26 views

CVE-2026-28456 OpenClaw 2026.1.5 < 2026.2.14 - Arbitrary Code Execution via Unsafe Hook Module Path Handling

OpenClaw versions 2026.1.5 prior to 2026.2.14 contain a vulnerability in the Gateway in which it does not sufficiently constrain configured hook module paths before passing them to dynamic import, allowing code execution. An attacker with gateway configuration modification access can load and...

CVSS 8.6, EPSS 0.00405
Exploits 0, References 4
Vulnrichment
added 2026/03/05 8:48 p.m., 4 views

CVE-2026-0848 Arbitrary Code Execution in NLTK StanfordSegmenter via Untrusted JAR Loading

NLTK versions =3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of...

CVSS 10, AI score 8, EPSS 0.00777
Exploits 3, References 1
OSV
added 2026/03/05 8:19 p.m., 2 views

GHSA-G48C-2WQR-H844 LangGraph checkpoint loading has unsafe msgpack deserialization

LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can modify checkpoint data in the backing store for example, after a database compromise or other privileged write access to the persistence layer, they can...

CVSS 6.8, AI score 6.4, EPSS 0.00427
Exploits 0, References 4
RedHat Linux
added 2026/03/05 2:46 p.m., 3 views

postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code

A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...

CVSS 8.8, AI score 6.1, EPSS 0.00497
Exploits 0, References 5
RedHat Linux
added 2026/03/05 2:46 p.m., 2 views

postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database...

CVSS 8.8, AI score 6.3, EPSS 0.00659
Exploits 0, References 5