CVE-2026-1284

An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file...

CVE-2026-1284 Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026

An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file...

EUVD-2026-4703

An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS 2025 through Release SOLIDWORKS 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file...

CVE-2026-1283 Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026

A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file...

PT-2026-4769

Name of the Vulnerable Software and Affected Versions SOLIDWORKS eDrawings versions 2025 through 2026 Description A heap-based buffer overflow exists in the EPRT file reading procedure of SOLIDWORKS eDrawings. This issue could allow an attacker to execute arbitrary code by opening a specially...

PT-2026-4798

Name of the Vulnerable Software and Affected Versions Hiawatha version 11.7 Description A double free issue exists in the XSLT show index function of the Hiawatha webserver. This allows an unauthenticated attacker to corrupt data, potentially leading to arbitrary code execution. The issue involve...

PT-2026-4782

Kite 1.2020.1119.0 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:Program FilesKiteKiteService.exe' to inject malicious executables and escalate...

Hiawatha security vulnerabilities

Hiawatha is a security web server developed by Hugo Leisink for Unix systems. This product can prevent attacks such as XSS, SQL injection, and CSRF, and it also offers server monitoring capabilities. Version 11.7 of Hiawatha contains a security vulnerability caused by a double release in the XSLT...

vm2 security vulnerabilities

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.10.2 have security vulnerabilities; these vulnerabilities stem from Promise callback cleanup mechanisms...

Dassault Systèmes SOLIDWORKS eDrawings security vulnerabilities

Dassault Systèmes SOLIDWORKS eDrawings is a collaboration tool developed by Dassault Systèmes, a French company, for viewing, sharing, and annotating 2D/3D design files. Dassault Systèmes SOLIDWORKS eDrawings has a security vulnerability that stems from a heap buffer overflow during the EPRT file...

PT-2026-4783

IDT PC Audio 1.0.6499.0 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the STacSV service to inject malicious code that would execute with LocalSystem account...

Micron Crucial Storage Executive code-related vulnerabilities

Micron Crucial Storage Executive is a solid-state drive management tool developed by the American company Micron. Versions of Micron Crucial Storage Executive prior to 11.08.082025.00 contained a code vulnerability. This vulnerability stemmed from a DLL preloading vulnerability in the installer,...

GLSA-202601-03 : GIMP: Arbitrary Code Execution

The remote host is affected by the vulnerability described in GLSA-202601-03 GIMP: Arbitrary Code Execution A vulnerability has been discovered in GIMP. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo...

GLSA-202601-05 : Commons-BeanUtils: Arbitary Code Execution

The remote host is affected by the vulnerability described in GLSA-202601-05 Commons-BeanUtils: Arbitary Code Execution Multiple vulnerabilities have been discovered in Commons-BeanUtils. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding descripti...

PT-2026-4777

MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:Program FilesMiniTool ShadowMakerAgentService.exe' to inject malicious executables and...

Commons-BeanUtils: Arbitary Code Execution

Background Commons-beanutils provides easy-to-use wrappers around Reflection and Introspection APIs Description Multiple vulnerabilities have been discovered in Commons-BeanUtils. Please review the CVE identifiers referenced below for details. Impact A special BeanIntrospector class was added in...

RHEL 9 : gnupg2 (RHSA-2026:1229)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1229 advisory. The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Securi...

EUVD-2026-4636

Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with elevated LocalSystem...

CVE-2020-36937 MEMU PLAY 3.7.0 - 'MEmusvc' Unquoted Service Path

Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with elevated LocalSystem...

CVE-2020-36937

Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with elevated LocalSystem...