120646 matches found

Cvelist
added 2026/03/05 2:24 a.m. | 28 views

CVE-2026-26034

UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 contains an Incorrect Default Permissions CWE-276 vulnerability that allows an attacker to execute arbitrary code with SYSTEM privileges by causing the application to load a specially crafted DLL...

8.5 CVSS | 0.00172 EPSS
Exploits: 0 | References: 2
CVE
added 2026/03/05 2:24 a.m. | 10 views

CVE-2026-26034

The CVE concerns UPS Multi-UPS Management Console (MUMC) v01.06.0001 (A03). The issue is an Incorrect Default Permissions (CWE-276) that enables arbitrary code execution with SYSTEM privileges by loading a specially crafted DLL. According to the provided metrics, it is a Local attack with LOW att...

8.5 CVSS | 6.3 AI score | 0.00172 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Github Security Blog
added 2026/03/05 12:12 a.m. | 16 views

TechDocs Mkdocs Configuration Key Enables Arbitrary Code Execution

Impact This is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the documentation build process. A gap in this allowlist allows attackers to craft an...

9.8 CVSS | 6.2 AI score | 0.00476 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2026/03/05 12:12 a.m. | 2 views

GHSA-928R-FM4V-MVRW TechDocs Mkdocs Configuration Key Enables Arbitrary Code Execution

Impact This is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the documentation build process. A gap in this allowlist allows attackers to craft an...

7.7 CVSS | 6.2 AI score | 0.00476 EPSS
Exploits: 0 | References: 6
Kaspersky
added 2026/03/05 12:0 a.m. | 5 views

KLA90912 ACE vulnerability in Microsoft Device

A remote code execution vulnerability was found in Microsoft Devices Pricing Program. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2026-21536 Exploitation CVE list CVE-2026-21536 critical Solution Install necessary updates from the KB section,...

9.8 CVSS | 6.5 AI score | 0.01596 EPSS
Exploits: 0 | References: 2
CNNVD
added 2026/03/05 12:0 a.m. | 5 views

Ghost injection vulnerability

Ghost is a hosting service developed by the Ghost open-source project. Versions of Ghost from 0.7.2 to 6.19.0 have a vulnerability related to injections. This vulnerability arises due to specially crafted malicious themes that may execute arbitrary code on the server...

9.8 CVSS | 6.2 AI score | 0.00372 EPSS
Exploits: 3 | References: 1
CNNVD
added 2026/03/05 12:0 a.m. | 7 views

Avira Internet Security security vulnerability

Avira Internet Security is a network security software developed by the German company Avira. Avira Internet Security has a security vulnerability, which stems from the System Speedup component deserializing unreliable data. This could allow local attackers to execute arbitrary code with SYSTEM...

8.5 CVSS | 7.8 AI score | 0.00323 EPSS
Exploits: 0 | References: 4
CNNVD
added 2026/03/05 12:0 a.m. | 3 views

D-Link DIR-513 security vulnerability

The D-Link DIR-513 is a wireless router product from D-Link Corporation. The D-Link DIR-513 v1.10 version has a security vulnerability. This vulnerability stems from a stack buffer overflow in the curTime parameter of the goform/formSetMACFilter function, which may allow for the execution of...

9.8 CVSS | 6.2 AI score | 0.00633 EPSS
Exploits: 1 | References: 3
Positive Technologies
added 2026/03/05 12:0 a.m. | 4 views

PT-2026-23441

Name of the Vulnerable Software and Affected Versions Backstage versions prior to 1.14.3 Description Backstage, an open framework for building developer portals, contains a configuration bypass that can lead to arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlis...

9.8 CVSS | 6 AI score | 0.00476 EPSS
Exploits: 0 | References: 11
Cvelist
added 2026/03/05 12:0 a.m. | 27 views

CVE-2026-26377

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function...

0.00372 EPSS
Exploits: 1 | References: 3
Amazon
added 2026/03/05 12:0 a.m. | 3 views

Important: postgresql15

Issue Overview: Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before...

8.8 CVSS | 6.5 AI score | 0.00678 EPSS
Exploits: 3
OSV
added 2026/03/05 12:0 a.m. | 1 views

ALSA-2026:3896 Important: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator...

8.8 CVSS | 6.2 AI score | 0.00678 EPSS
Exploits: 3 | References: 8
Amazon
added 2026/03/05 12:0 a.m. | 3 views

Important: postgresql16

Issue Overview: Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before...

8.8 CVSS | 6.5 AI score | 0.00678 EPSS
Exploits: 3
CISA KEV Catalog
added 2026/03/05 12:0 a.m. | 12 views

Apple Multiple Products Integer Overflow or Wraparound Vulnerability

Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code execution...

8.8 CVSS | 6.2 AI score | 0.07617 EPSS
In wild | Exploits: 1
Tenable Nessus
added 2026/03/05 12:0 a.m. | 6 views

Debian dsa-6155 : spip - security update

The remote Debian 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6155 advisory. Debian Security Advisory DSA-6155-1 [email protected] https://www.debian.org/securit...

9.2 CVSS | 6.2 AI score | 0.00776 EPSS
Exploits: 2 | References: 18
Snyk
added 2026/03/04 8:19 p.m. | 6 views

Eval Injection

Overview locutus is a Locutus other languages' standard libraries to JavaScript for fun and educational purposes Affected versions of this package are vulnerable to Eval Injection in the calluserfuncarray function, which executes eval on user-supplied input, and does not sanitize the second argume...

9.2 CVSS | 6 AI score | 0.00628 EPSS
Exploits: 1 | References: 2
RedhatCVE
added 2026/03/04 7:44 p.m. | 4 views

CVE-2026-20777

A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch db9a9a63. A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

8.1 CVSS | 6.3 AI score | 0.00511 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2026/03/04 7:44 p.m. | 5 views

CVE-2026-22891

A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch db9a9a63. A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerabilit...

9.8 CVSS | 6.3 AI score | 0.00589 EPSS
Exploits: 1 | References: 1
EUVD
added 2026/03/04 6:31 p.m. | 4 views

EUVD-2026-9428

A vulnerability in a small subset of CLI commands that are used on Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, local attacker to craft Lua code that could be used on the underlying operating...

6 CVSS | 6.6 AI score | 0.00132 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/04 5:7 p.m. | 2 views

CVE-2026-20008

A vulnerability in a small subset of CLI commands that are used on Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, local attacker to craft Lua code that could be used on the underlying operating...

6 CVSS | 6.6 AI score | 0.00132 EPSS
Exploits: 0 | References: 2 | Affected Software: 2