RHEL 10 : gpsd (RHSA-2026:1621)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1621 advisory. gpsd is a service daemon that mediates access to a GPS sensor connected to the host computer by serial or USB interface, making its data on the...

TP-Link Archer BE230 安全漏洞

The TP-Link Archer BE230 is a wireless router produced by TP-Link Corporation. The TP-Link Archer BE230 v1.2 1.2.4 Build 20251218 rel.70420 versions had security vulnerabilities. These vulnerabilities stemmed from OS command injection in the web module, which could allow for the execution of...

TP-Link Archer BE230 安全漏洞

The TP-Link Archer BE230 is a wireless router produced by TP-Link Corporation. The TP-Link Archer BE230 v1.2 1.2.4 Build 20251218 rel.70420 versions had security vulnerabilities. These vulnerabilities stemmed from command injection in the VPN connection service, which could lead to the execution ...

ROS-20260202-73-0007

Vulnerability in kernel-lt related to memory usage after memory release. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

OpenTelemetry-Go 代码问题漏洞

OpenTelemetry-Go is an open-source developer toolkit developed by OpenTelemetry - CNCF. Versions of OpenTelemetry-Go from 1.20.0 to 1.39.0 have code vulnerabilities. These vulnerabilities stem from path hijacking during the execution of the ioreg command in resource detection code, which may lead...

RHEL 10 : gnupg2 (RHSA-2026:1629)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1629 advisory. The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards...

CVE-2020-37064

EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMPNSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files x86\EPSON Projector\EasyMP Network Projection V2\ to inject...

CVE-2020-37062 DHCP Turbo 4.6.1298- 'DHCP Turbo 4' Unquoted Service Path

DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service starts...

CVE-2020-37063

TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSyst...

CVE-2020-37063 TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service Path

TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSyst...

CVE-2020-37063

CVE-2020-37063 affects TFTP Turbo 4.6.1273 and is caused by an unquoted service path in the service configuration, enabling local attackers to inject and launch a malicious executable under LocalSystem permissions. The vulnerability can lead to arbitrary code execution with elevated privileges; C...

CVE-2020-37061 BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path

BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted executable path to inject malicious code that will be executed when the service starts with...

PT-2026-5576

Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:Program FilesVeritasNetBackupbinbpinetd.exe to inject malicious code that would...

CVE-2026-25129

PsySH is a runtime developer console, interactive debugger, and REPL for PHP. Prior to versions 0.11.23 and 0.12.19, PsySH automatically loads and executes a .psysh.php file from the Current Working Directory CWD on startup. If an attacker can write to a directory that a victim later uses as thei...

CVE-2026-1699

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pullrequesttarget trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...

EUVD-2020-30932

Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload to overflow the buffer, bypass DEP, and execute commands like launching calc.exe through a specially crafted inp...

EUVD-2020-30947

FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with carefully constructed shellcode to trigger a structured exception handler overwrite and execute system...

EUVD-2020-30952

Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerability in the License Code registration parameter that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the License Code field to trigger a stack-based buffer overflow and execu...

EulerOS Virtualization 2.10.0 : freetype (EulerOS-SA-2026-1165)

According to the versions of the freetype package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An out of bounds write exists in FreeType versions 2.13.0 and below newer versions of FreeType are not vulnerable when attempting ...

EulerOS Virtualization 2.10.1 : python-jinja2 (EulerOS-SA-2026-1142)

According to the versions of the python-jinja2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with...