
120752 matches found

Positive Technologies
added 2026/01/13 12:0 a.m. | 14 views

PT-2026-2638

Name of the Vulnerable Software and Affected Versions: TYPO3 versions 10.0.0 through 10.4.54, 11.0.0 through 11.5.48, 12.0.0 through 12.4.40, 13.0.0 through 13.4.22, and 14.0.0 through 14.0.1. Description: A flaw exists in TYPO3 that allows local...

CVSS 5.2 | AI score 7.1 | EPSS 0.00165
Exploits: 0 | References: 7

Adobe
added 2026/01/13 12:0 a.m. | 18 views

APSB26-01 : Security update available for Adobe DreamWeaver

Adobe has released a security update for Adobe Dreamweaver. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution and arbitrary file system write...

AI score 8
Exploits: 0 | Affected Software: 1

Adobe
added 2026/01/13 12:0 a.m. | 21 views

APSB26-02 : Security update available for Adobe InDesign

Adobe has released a security update for Adobe InDesign. This update addresses critical and important vulnerabilities that could lead to arbitrary code execution and memory exposure...

AI score 7.9
Exploits: 0 | Affected Software: 1

Adobe
added 2026/01/13 12:0 a.m. | 16 views

APSB26-09 : Security update available for Adobe Substance 3D Stager

Adobe has released an update for Adobe Substance 3D Stager. This update addresses a critical vulnerability in Adobe Substance 3D Stager that could lead to arbitrary code execution...

AI score 7.8
Exploits: 0 | Affected Software: 1

Adobe
added 2026/01/13 12:0 a.m. | 16 views

APSB26-04 : Security update available for Adobe InCopy

Adobe has released a security update for Adobe InCopy. This update addresses a critical vulnerability that could lead to arbitrary code execution...

CVSS 7.8 | AI score 7.8 | EPSS 0.00186
Exploits: 0 | Affected Software: 1

Adobe
added 2026/01/13 12:0 a.m. | 16 views

APSB26-07 : Security update available for Adobe Bridge

Adobe has released a security update for Adobe Bridge. This update addresses a critical vulnerability that could lead to arbitrary code execution...

CVSS 7.8 | AI score 7.8 | EPSS 0.00254
Exploits: 0 | Affected Software: 1

OSV
added 2026/01/12 11:15 p.m. | 3 views

CVE-2024-14021

LlamaIndex run-llama/llamaindex versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.loadfromdisk in llamaindex/indices/managed/bgem3/base.py. The function uses pickle.load to deserialize multiembedstore.pkl from a user-supplied persistdir without...

CVSS 7.8 | AI score 7.6
Exploits: 0 | References: 4

PyPA
added 2026/01/12 11:15 p.m. | 7 views

PYSEC-2026-85

LlamaIndex run-llama/llamaindex versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.loadfromdisk in llamaindex/indices/managed/bgem3/base.py. The function uses pickle.load to deserialize multiembedstore.pkl from a user-supplied persistdir without...

CVSS 8.4 | AI score 6.3 | EPSS 0.00289
Exploits: 1 | References: 4 | Affected Software: 1

Snyk
added 2026/01/12 5:21 p.m. | 2 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the searchsend parameter, which is dynamically invoked using the send method. An attacker can execute arbitrary commands on the server by supplying crafted input to this parameter. Remediation: Upgrade spree ...

CVSS 10 | AI score 7.9 | EPSS 0.03818
Exploits: 1 | References: 2

OSV
added 2026/01/12 4:16 p.m. | 2 views

CVE-2025-66939

Cross Site Scripting vulnerability in 66biolinks by AltumCode v.61.0.1 allows an attacker to execute arbitrary code via a crafted favicon file...

CVSS 5.4 | AI score 6.1 | EPSS 0.00223
Exploits: 1 | References: 2

Zero Day Initiative
added 2026/01/12 12:0 a.m. | 8 views

(0Day) npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of modules. The...

CVSS 7.8 | AI score 7.5 | EPSS 0.00248
Exploits: 0

RedhatCVE
added 2026/01/11 7:33 a.m. | 10 views

CVE-2026-0821

A flaw was found in quickjs-ng. A remote attacker can exploit a heap-based buffer overflow vulnerability in the jstypedarrayconstructor function of the quickjs.c file by executing a specially crafted manipulation. This vulnerability may lead to information disclosure, denial of service, or...

CVSS 9.8 | AI score 7.4 | EPSS 0.00443
Exploits: 1 | References: 10

CNNVD
added 2026/01/11 12:0 a.m. | 3 views

UTT 520W Security Vulnerability

The UTT 520W is a wireless router from China Aitai UTT. A security vulnerability exists in the UTT 520W version 1.7.7-180627, which originates from a buffer overflow in the operation of the function strcpy on the parameter timestart in the file /goform/formConfigNoticeConfig, which could lead to...

CVSS 9 | AI score 9.1 | EPSS 0.03707
Exploits: 1 | References: 4

CNNVD
added 2026/01/11 12:0 a.m. | 3 views

UTT 520W Security Vulnerability

The UTT 520W is a wireless router from China Aitai UTT. A security vulnerability exists in the UTT 520W version 1.7.7-180627, which originates from a buffer overflow in the operation of the function strcpy on the parameter wepkey1 in the file /goform/APSecurity, which could lead to the execution ...

CVSS 9 | AI score 9.1 | EPSS 0.00975
Exploits: 1 | References: 4

CNNVD
added 2026/01/11 12:0 a.m. | 4 views

UTT 520W Security Vulnerability

UTT 520W is a wireless router from China Aitai UTT. A security vulnerability exists in the UTT 520W version 1.7.7-180627, which originates from a buffer overflow in the operation of the function strcpy on the parameter GroupName in the file /goform/formFireWall, which could lead to the execution ...

CVSS 9 | AI score 9.1 | EPSS 0.03409
Exploits: 1 | References: 4

RedhatCVE
added 2026/01/10 5:41 a.m. | 4 views

CVE-2025-66715

A DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4 allows attackers to execute arbitrary code via a crafted DLL file...

CVSS 6.5 | AI score 7.8 | EPSS 0.00211
Exploits: 0 | References: 1

Debian
added 2026/01/10 3:32 a.m. | 8 views

[SECURITY] [DSA 6097-1] chromium security update

Debian Security Advisory DSA-6097-1 [email protected] https://www.debian.org/security/ Andres Salomon January 09, 2026 https://www.debian.org/security/faq -...

CVSS 8.8 | AI score 7.1 | EPSS 0.06545
Exploits: 2

NVD
added 2026/01/10 2:15 a.m. | 4 views

CVE-2026-22609

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafeimports method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected...

CVSS 9.3 | EPSS 0.00554
Exploits: 1 | References: 6

CNNVD
added 2026/01/10 12:0 a.m. | 3 views

QuickJS Security Vulnerability

QuickJS is a small, embeddable open-source JavaScript engine. A security vulnerability exists in QuickJS 0.11.0 and earlier versions, which is caused by a heap buffer overflow in the function jstypedarrayconstructor in the file quickjs.c, which could lead to the execution of arbitrary...

CVSS 9.8 | AI score 7.6 | EPSS 0.00443
Exploits: 1 | References: 8

Snyk
added 2026/01/09 10:52 p.m. | 2 views

Arbitrary Code Injection

Overview: uni2ts is a Unified Training of Universal Time Series Forecasting Transformers. Affected versions of this package are vulnerable to Arbitrary Code Injection via the decodedistroutput function. An attacker can execute arbitrary code by supplying crafted input that is improperly handled...

CVSS 9.8 | AI score 8 | EPSS 0.00372
Exploits: 0 | References: 2