120739 matches found
CVE-2026-1245
A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection. An attacker can execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data by providing crafted input that is processed without proper validation. Remediation: A fix was...
Deserialization of Untrusted Data
Overview: ply is a Python Lex & Yacc. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the picklefile parameter in the yacc function. An attacker can execute arbitrary code by supplying a specially crafted pickle file that is deserialized without validation...
CVE-2025-33229
NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. A successful exploit of this vulnerability may lead to escalation of privileges,...
CVE-2025-64087
A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions...
CVE-2025-65482
An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...
CVE-2025-53854
A reflected cross-site scripting (XSS) vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-58095
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This...
CVE-2025-58092
MedDream PACS Premium 7.3.6.870 is affected by CVE-2025-58092 and related reflected XSS flaws in config.php (notably the phpexe parameter). A crafted URL can trigger arbitrary JavaScript execution, with impact limited to client-side script execution (per the provided CVSS details: Network access,...
CVE-2025-58090
CVE-2025-58090 affects MedDream PACS Premium 7.3.6.870 and is due to multiple reflected XSS vulnerabilities in config.php. The TALOS report confirms several vulnerable parameters (uploaddir, archivedir, longtermdir, thumbnaiLdir, imagedir, phpdir, phpexe, phpdir, worklistsrc, etc.) where attacker...
WordPress Nelio AB Testing plugin <= 8.1.8 - Arbitrary Code Execution vulnerability
Arbitrary Code Execution vulnerability discovered by daroo in WordPress Plugin Nelio AB Testing versions <= 8.1.8...
Improper Security Checks For Unsafe Imports
Fickling is vulnerable to improper security checks for unsafe imports. The vulnerability is due to incomplete validation in the unsafeimports method of the static analyzer, which fails to flag certain high-risk Python modules, allowing an attacker to craft malicious pickle files that bypass safet...
gnupg2 security update
An update is available for gnupg2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating...
CVE-2026-1222
CVE-2026-1222 involves the PrismX MX100 AP controller from Browan Communications, which has an arbitrary file upload vulnerability that could allow privileged remote attackers to upload and execute web shells, enabling arbitrary code execution on the server. The connected sources consistently des...
ROS-20260120-7367
A vulnerability in the xpcreateandassignumem function of the Linux operating system kernel is related to integer overflow. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
MiracleLinux 8 : webkit2gtk3-2.38.5-1.el8.ML.1 (AXSA:2023-5964:10)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5964:10 advisory. webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42826); webkitgtk: memory corruption issue leading to arbitrary code...
MiracleLinux 9 : webkit2gtk3-2.36.7-1.el9 (AXSA:2023-4955:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4955:02 advisory. webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624); webkitgtk: Use-after-free leading to arbitrary code execution...