CVE-2026-0710 Sipp/sipp: sipp: denial of service and potential arbitrary code execution vulnerability

A flaw was found in SIPp. A remote attacker could exploit this by sending specially crafted Session Initiation Protocol SIP messages during an active call. This vulnerability, a NULL pointer dereference, can cause the application to crash, leading to a denial of service. Under specific conditions...

CVE-2026-0776

CVE-2026-0776 concerns the Discord Client and its discord_rpc module , where an uncontrolled search path element allows a local attacker to escalate privileges. The flaw occurs when the client loads a file from an unsecured location, enabling the attacker to run code with the privileges of the ta...

CVE-2026-0776

Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute low-privileged code on the target system in...

CVE-2026-0775 npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

CVE-2026-0757

MCP Manager for Claude Desktop execute-command Command Injection Sandbox Escape Vulnerability. This vulnerability allows remote attackers to bypass the sandbox on affected installations of MCP Manager for Claude Desktop. User interaction is required to exploit this vulnerability in that the targe...

CVE-2026-0784

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...

CVE-2025-67231

CVE-2025-67231 is a confirmed reflected XSS in ToDesktop Builder v0.33.1. The issue allows an attacker to execute arbitrary code in the context of a user’s browser via a crafted payload. Documented by multiple feeds (NVD, Red Hat, CIRCL, attackerkb, CVE lists) consistently describe a reflected XS...

PT-2026-4503

Name of the Vulnerable Software and Affected Versions dataSIMS Avionics ARINC 664-1 version 4.5.3 Description The software contains a local buffer overflow that allows attackers to overwrite memory. This is achieved by manipulating the milstd1553result.txt file. An attacker can create a malicious...

npm CLI security vulnerabilities

npm CLI is a package manager developed by the American company npm. There is a security vulnerability in npm CLI, which stems from loading modules from insecure locations, potentially leading to privilege escalation and the execution of arbitrary code...

CVE-2025-67231

A reflected cross-site scripting XSS vulnerability in ToDesktop Builder v0.33.1 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload...

Siri Shortcuts MCP Server: Operating System Command Injection Vulnerability

Siri Shortcuts MCP Server is a tool developed by David as an integrated voice assistant and a context-based protocol server for large models. The Siri Shortcuts MCP Server has a vulnerability related to operating system command injection, which stems from insufficient validation of the shortcutNa...

Discord code-related vulnerabilities

Discord is a free chat service provided by the Discord company. Discord has code-related vulnerabilities; one of these vulnerabilities stems from the discordrpc module loading files from insecure locations, which may lead to privilege escalation and the execution of arbitrary code...

Softros LogonExpert code issue vulnerability

Softros LogonExpert is a security automatic login management tool developed by the American company Softros. Version 8.1 of Softros LogonExpert contains a code vulnerability; this vulnerability arises from the service path not being enclosed in quotes, which may allow arbitrary code to be execute...

PDF Complete Corporate Edition Security Vulnerabilities

PDF Complete Corporate Edition is a PDF editor developed by PDF Complete Corporation. Version 4.1.45 of PDF Complete Corporate Edition contains a security vulnerability; this vulnerability stems from the service path not being enclosed in quotes, which may allow for the execution of arbitrary cod...

Moodle security vulnerabilities

Moodle is an open-source e-learning software platform developed by Moodle, also known as a course management system, learning management system, or virtual learning environment. There are security vulnerabilities in Moodle; these vulnerabilities stem from insufficient input validation, which may...

Softros LAN Messenger code-related vulnerabilities

Softros LAN Messenger is an instant messaging system for local area networks developed by the American company Softros. Version 9.6.4 of Softros LAN Messenger contains a code vulnerability caused by an unquoted service path, which may lead to the execution of arbitrary code...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : GLib vulnerability (USN-7971-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7971-1 advisory. It was discovered that GLib incorrectly handled the buffered input stream API. An attacker could use this issue to cause GLib to crash,...

CVE-2026-24129 Runtipi is Vulnerable to Authenticated Arbitrary Remote Code Execution

Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManage...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to using an image with a metadata.yaml containing templates. An attacker can read or overwrite arbitrary files on the host system, potentially leading to execution of arbitrary commands with elevated privileges, ...

CVE-2025-69209

ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...