Salt junos Module Vulnerable to Code Injection via Specially Crafted YAML Payload

Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process...

PsySH has Local Privilege Escalation via CWD .psysh.php auto-load

Summary PsySH automatically loads and executes a .psysh.php file from the Current Working Directory CWD on startup. If an attacker can write to a directory that a victim later uses as their CWD when launching PsySH, the attacker can trigger arbitrary code execution in the victim's context. When t...

CVE-2026-25129 PsySH has Local Privilege Escalation via CWD .psysh.php auto-load

PsySH is a runtime developer console, interactive debugger, and REPL for PHP. Prior to versions 0.11.23 and 0.12.19, PsySH automatically loads and executes a .psysh.php file from the Current Working Directory CWD on startup. If an attacker can write to a directory that a victim later uses as thei...

CVE-2026-25129 PsySH has Local Privilege Escalation via CWD .psysh.php auto-load

PsySH is a runtime developer console, interactive debugger, and REPL for PHP. Prior to versions 0.11.23 and 0.12.19, PsySH automatically loads and executes a .psysh.php file from the Current Working Directory CWD on startup. If an attacker can write to a directory that a victim later uses as thei...

Arbitrary Code Injection

Overview salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable t...

CVE-2026-1699

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pullrequesttarget trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...

EUVD-2026-5040

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pullrequesttarget trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...

CVE-2026-1699

CVE-2026-1699 concerns the Eclipse Theia Website repository. The issue: the GitHub Actions workflow .github/workflows/preview.yml used the pull_request_target trigger while checking out and executing untrusted PR code. This allowed any GitHub user to run arbitrary code in the repository’s CI envi...

Sandbox Escape

vm2 is vulnerable to Sandbox Escape. The vulnerability is due to incomplete sanitization of Promise callbacks, where globalPromise.prototype.then and catch are not sanitized while localPromise is, this allowing attackers to bypass sandbox restrictions via async function return values and execute...

NVIDIA CUDA toolkit gfx_hotspot module command injection vulnerability

NVIDIA CUDA toolkit is a toolkit from NVIDIA, Inc. It provides a development environment for creating high-performance GPU-accelerated applications. The NVIDIA CUDA toolkit suffers from an operating system command injection vulnerability that stems from the failure of the gfxhotspot module of...

PT-2026-5480

Name of the Vulnerable Software and Affected Versions Code Blocks version 17.12 Description Code Blocks 17.12 contains a local buffer overflow that allows attackers to execute arbitrary code. This is achieved by crafting a malicious file name with Unicode characters. Attackers can trigger the iss...

Port Forwarding Wizard security vulnerabilities

Port Forwarding Wizard is a port forwarding tool developed by an invalid account developer. Version 4.8.0 of Port Forwarding Wizard contains a security vulnerability, which stems from a buffer overflow in the Register function. This vulnerability could allow local attackers to execute arbitrary...

Ashkon Simple Startup Manager buffer error vulnerability

Ashkon Simple Startup Manager is a system optimization tool developed by the American company Ashkon. Version 1.17 of Ashkon Simple Startup Manager contains a buffer overflow vulnerability; this vulnerability stems from local buffer overflows in File input parameters, which may allow for the...

Quick Player security vulnerability

Quick Player is a video playback application developed by Quick Player Inc. Version 1.3 of Quick Player contains a security vulnerability, which stems from a buffer overflow when loading specially crafted .m3l files, potentially allowing for the execution of arbitrary code...

PT-2026-5466

Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerability in the License Code registration parameter that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the License Code field to trigger a stack-based buffer overflow and execu...

Debian dsa-6116 : chromium - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6116 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6116-1 [email protected] https://www.debian.org/security/...

Code::Blocks security vulnerabilities

Code::Blocks is an open-source, cross-platform integrated development environment for C++ development. Version 17.12 of Code::Blocks contains a security vulnerability, which stems from a local buffer overflow in the file name field, potentially allowing arbitrary code to be executed...

Frigate security vulnerabilities

Frigate is a complete native NVR designed by Blake Blackshear for home assistants with AI object detection capabilities. Version 3.36.0.9 of Frigate contains a security vulnerability, which stems from a local buffer overflow in the command line input field, potentially allowing arbitrary code to ...

PT-2026-5486

Name of the Vulnerable Software and Affected Versions Frigate version 3.36.0.9 Description Frigate version 3.36.0.9 contains a local buffer overflow in the Command Line input field. An attacker can exploit this to execute arbitrary code by crafting a malicious payload that overflows the buffer,...

NVIDIA CUDA toolkit code issue vulnerability

NVIDIA CUDA toolkit is a toolkit from NVIDIA, Inc. It provides a development environment for creating high-performance GPU-accelerated applications. A security vulnerability exists in NVIDIA CUDA Toolkit, which can be exploited by an attacker to cause arbitrary code to be executed with the same...