CVE-2025-67078

Omnispace Agora Project contains a Cross Site Scripting (XSS) vulnerability in versions prior to 25.10. The issue arises in the file controller’s notify parameter used to display errors, enabling an attacker to execute arbitrary code in the context of the affected user. The CVE is documented acro...

ProjeQtOr code-related vulnerabilities

ProjeQtOr is a project management software developed by the French company ProjeQtOr. Version 9.1.4 of ProjeQtOr contains a code vulnerability; this vulnerability stems from insufficient validation of the file upload function, which may allow arbitrary code to be executed...

PT-2026-3186

Name of the Vulnerable Software and Affected Versions Canon Satera LBP670C Series/Satera MF750C Series versions v06.02 and earlier Canon Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLA...

PT-2026-3179

Disk Sorter Enterprise 13.6.12 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:Program FilesDisk Sorter Enterprisebindisksrs.exe' to inject malicio...

Juniper Networks Junos OS and Juniper Networks Junos OS Evolved resource management vulnerabilities

Juniper Networks Junos OS and Juniper Networks Junos OS Evolved are both products of Juniper Networks, a US-based company. Juniper Networks Junos OS is a network operating system specifically designed for the company’s hardware devices. This operating system provides secure programming interfaces...

ALSA-2026:0697 Important: gnupg2 security update

The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fixes: GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write CVE-2025-68973 For more details about...

ALSA-2026:0728 Important: gnupg2 security update

The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fixes: GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write CVE-2025-68973 For more details about...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002330)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002330 advisory. Heap-based buffer overflow in the tg3readvpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers t...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002094)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002094 advisory. Multiple stack-based buffer overflows in the Near Field Communication Controller Interface NCI in the Linux kernel before 3.4.5 allow remote attackers to cause a...

RHEL 8 : gnupg2 (RHSA-2026:0728)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0728 advisory. The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Securi...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002881)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002881 advisory. The skbflowdissect function in net/core/flowdissector.c in the Linux kernel before 4.3 does not ensure that nproto, ipproto, and thoff are initialized, which allows...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002360)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002360 advisory. Heap-based buffer overflow in the logidjllrawrequest function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attacker...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002834)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002834 advisory. An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of...

Adobe Substance 3D Sampler <= 5.1.0 Out-of-bounds Write (APSB26-11)

The version of Adobe Substance 3D Sampler installed on the remote host is prior or equal to 5.1.0 It is, therefore, affected by a out-of-bounds write vulnerability as referenced in the APSB26-11 advisory. - Substance3D - Sampler versions 5.1.0 and earlier are affected by an out-of-bounds write...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002030)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002030 advisory. Heap-based buffer overflow in the iscsiaddnotunderstoodresponse function in drivers/target/iscsi/iscsitargetparameters.c in the iSCSI target subsystem in the Linux...

CVE-2023-54338

Tftpd32 SE 4.60 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be run with system-level...

CVE-2022-50917

ProtonVPN 1.26.0 contains an unquoted service path vulnerability in its WireGuard service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path by placing malicious executables in specific file system locations to gain elevated...

GHSA-595P-G7XC-C333 Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling

Impact Versions of the Algolia Search & Discovery extension for Magento 2 prior to 3.17.2 and 3.16.2 contain a vulnerability where data read from the database was treated as a trusted source during job execution. If an attacker is able to modify records used by the extension’s indexing queue, thi...

Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling

Impact Versions of the Algolia Search & Discovery extension for Magento 2 prior to 3.17.2 and 3.16.2 contain a vulnerability where data read from the database was treated as a trusted source during job execution. If an attacker is able to modify records used by the extension’s indexing queue, thi...

CVE-2026-23512

SumatraPDF has a Untrusted Search Path vulnerability in version 3.5.2 and earlier when the Advanced Options setting is triggered. The code path executes notepad.exe without an absolute path, allowing a malicious notepad.exe placed in the installation directory to run arbitrary code with local acc...