120667 matches found
Google Chrome < 144.0.7559.177 Vulnerability
The version of Google Chrome installed on the remote Windows host is prior to 144.0.7559.177. It is, therefore, affected by a vulnerability as referenced in the 202602extended-stable-updates-for-desktop13 advisory. - Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote...
Oracle VirtualBox VMSVGA Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VMSVGA...
CVE-2019-25332
FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting the EIP register through a custom command input. Attackers can craft a malicious payload of 4108 bytes to overwrite memory and execute shellcode, demonstrating remot...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the overrides.yoke.cd/flight annotation, which allows a user-supplied URL to be used directly by the controller without validation. An attacker can execute arbitrary code within the controller context by...
[SECURITY] [DSA 6133-1] postgresql-17 security update
Debian Security Advisory DSA-6133-1 https://www.debian.org/security/ Moritz Muehlenhoff February 12, 2026 https://www.debian.org/security/faq -...
CVE-2025-48503
A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution...
CVE-2025-52541
A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution...
CVE-2026-25227
authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view Property Mapping or Can view Expression Policy is able to execute arbitrary code within the authentik server contain...
CVE-2019-25345
CVE-2019-25345 involves Realtek RTK IIS Codec Service 6.4.10041.133, where an unquoted service path in the service configuration for RtkI2SCodec could allow a local attacker to inject a malicious executable and escalate privileges. The vulnerability is described as enabling local code execution w...
CVE-2019-25345 RTK IIS Codec Service 6.4.10041.133 - 'RtkI2SCodec' Unquote Service Path
Realtek IIS Codec Service 6.4.10041.133 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service configuration to inject malicious executables and escalate privileges on the system...
CVE-2025-54519
A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution...
USN-8040-1: MUNGE vulnerability
Titouan Lazard discovered that MUNGE contained an exploitable buffer overflow in munged, the MUNGE authentication daemon. A local attacker could possibly use this issue to forge MUNGE credentials, leading to arbitrary code execution...
CVE-2025-54519
A DLL hijacking vulnerability (root cause: uncontrolled search paths) in Doc Nav (Documentation Navigator) related to Vivado 2024.2 installations could allow a local attacker to achieve privilege escalation and potentially arbitrary code execution. Affected component: Documentation Navigator. Exp...
CVE-2023-31313
An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU), potentially resulting in arbitrary code execution...
CVE-2026-2004
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...
CVE-2026-2006
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12,...
AZL-77426 CVE-2026-2006 affecting package postgresql for versions less than 16.12-1
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12,...