Exploit for Integer Overflow or Wraparound in Apple Itunes
CVE-2022-26711: Apple ImageIO WebP Integer Overflow An intege...
CVE-2025-11157 Arbitrary Code Execution in feast-dev/feast
A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at feast/sdk/python/feast/infra/computeengines/kubernetes/main.py. The vulnerability arises from the use of yaml.load(..., Loader=yaml.Loader) to...
Command Injection
Overview: blackboard-core is a Python SDK implementing the Blackboard Pattern for LLM-powered multi-agent systems. Affected versions of this package are vulnerable to Command Injection due to unsafe host-level execution being reachable without a hard security gate or explicit acknowledgment. An...
PT-2026-6842
Name of the Vulnerable Software and Affected Versions: GNOME (affected versions not specified). Description: A flaw exists in the GNOME localsearch MP3 Extractor, specifically within tracker-miners. Incorrect handling of malformed MP3 files can lead to a denial of service, potentially allowing for...
PT-2026-6839
Name of the Vulnerable Software and Affected Versions: tracker-miners (affected versions not specified). Description: A flaw exists in tracker-miners related to the handling of malformed MP3 files. This issue could allow an attacker to cause tracker-miners to crash, leading to a denial of service. The...
PT-2026-1023
Name of the Vulnerable Software and Affected Versions: Signal K Server versions prior to 2.19.0. Description: Signal K Server is a server application used in marine environments. Versions prior to 2.19.0 of the appstore interface allow administrators to install npm packages through a REST API...
PT-2026-26137
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each alignment record it...
PT-2026-5661
Name of the Vulnerable Software and Affected Versions: libsoup (affected versions not specified). Description: A stack-based buffer overflow vulnerability exists in libsoup during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by...
PT-2026-27418
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 149; Firefox ESR versions prior to 140.9; Thunderbird versions prior to 149; Thunderbird ESR versions prior to 140.9. Description: The software contains memory safety bugs, some of which demonstrate evidence of memory...
PT-2026-27419
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 149; Firefox ESR versions 115.33 through 140.8; Thunderbird versions prior to 149; Thunderbird ESR versions 140.8 through 140.9. Description: The software contains memory safety bugs, some of which demonstrate evidence of...
PT-2026-26144
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the VARINT and CONST encodings, incomplete validation of the context in which the encodings were...
PT-2026-6841
Name of the Vulnerable Software and Affected Versions: tracker-miners (affected versions not specified). Description: A flaw exists in tracker-miners related to the handling of malformed MP3 files. Specifically, the software incorrectly processes certain MP3 files, potentially leading to a denial of...
PT-2026-26145
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the BYTE ARRAY STOP method, an out-by-one error in the cram byte arra...
PT-2026-28637
It was discovered that the LSI53C895A SCSI Host Bus Adapter implementation of QEMU incorrectly handled memory. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2024-6519 It was discovered...
PT-2026-20979
Name of the Vulnerable Software and Affected Versions: libssh versions prior to 0.11.4-1.1. Description: A denial of service condition can occur due to a malformed SFTP message. Recommendations: Update to version 0.11.4-1.1 or later...
CVE-2025-61037
A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The flaw is a Time-of-Check Time-of-Use (TOCTOU) race condition in the license management logic. The regService process, which runs with SYSTEM privileges, creates a fixed directory and writes files...
PT-2025-54358
Name of the Vulnerable Software and Affected Versions: SevenCs ORCA G2 version 2.0.1.35 EC2007 Kernel v5.22. Description: A local privilege escalation issue exists due to a Time-of-Check Time-of-Use (TOCTOU) race condition in the license management logic. The regService process, running with SYSTEM...
EulerOS Virtualization 2.13.1 : libtiff (EulerOS-SA-2025-2625)
According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw has been found in LibTIFF 4.7.0. This affects the function TIFFmallocExt/TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of th...
GHSA-95QG-89C2-W5HJ theshit vulnerable to unsafe loading of user-owned Python rules when running as root
Impact: Vulnerability Type: Local Privilege Escalation (LPE) / Arbitrary Code Execution. The application loads custom Python rules and configuration files from user-writable locations (e.g., /.config/theshit/) without validating ownership or permissions when executed with elevated privileges. If the...
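The ownership and permission check the advisory says is missing, as an added example; this is not the theshit project's own code. It assumes a POSIX system and a privileged process that wants to treat a rules file as trusted input. The checks run on the opened descriptor with fstat rather than on the path, so the file that is validated is the file that is read, which also closes the check-then-use window of the kind the two SevenCs ORCA TOCTOU entries above describe. The three sample files are constructed in a fresh temporary directory.

```python
import errno
import os
import stat
import tempfile

# Mode bits that make a file or directory writable by anyone but its owner.
GROUP_OR_WORLD_WRITABLE = stat.S_IWGRP | stat.S_IWOTH


def _owner_trusted(st: os.stat_result) -> bool:
    """A privileged process should only trust files owned by root or by itself."""
    return st.st_uid in (0, os.geteuid())


def open_trusted_file(path: str):
    """Open `path` read-only if it may be trusted as executable configuration.

    Returns (fd, reason); fd is None when the file is refused. The checks are
    made on the opened descriptor (os.fstat), not on the path: an lstat() then
    open() pair would leave a check-then-use window a local attacker could race.
    """
    parent = os.path.dirname(os.path.abspath(path))
    dst = os.stat(parent)
    if not _owner_trusted(dst) or dst.st_mode & GROUP_OR_WORLD_WRITABLE:
        return None, "untrusted parent directory"
    try:
        # O_NOFOLLOW: refuse a symlink planted where the rules file should be.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    except OSError as exc:
        if exc.errno in (errno.ELOOP, errno.EMLINK):
            return None, "symlink"
        return None, f"cannot open: {exc.strerror}"
    st = os.fstat(fd)
    reason = None
    if not stat.S_ISREG(st.st_mode):
        reason = "not a regular file"
    elif not _owner_trusted(st):
        reason = f"owned by uid {st.st_uid}"
    elif st.st_mode & GROUP_OR_WORLD_WRITABLE:
        reason = "group/world writable"
    if reason is not None:
        os.close(fd)
        return None, reason
    return fd, "ok"


def read_trusted_rules(path: str) -> str:
    """Read a rules file only after open_trusted_file accepted it."""
    fd, reason = open_trusted_file(path)
    if fd is None:
        raise PermissionError(f"refusing to load {path}: {reason}")
    with os.fdopen(fd, "r") as handle:  # fdopen takes ownership of fd
        return handle.read()


def demo() -> dict:
    """Constructed sample: three candidate rule files in a fresh 0700 directory."""
    workdir = tempfile.mkdtemp()  # mode 0700, owned by the current user
    owner_only = os.path.join(workdir, "rules.py")
    world_writable = os.path.join(workdir, "writable.py")
    symlink = os.path.join(workdir, "link.py")
    for p in (owner_only, world_writable):
        with open(p, "w") as handle:
            handle.write("RULES = []\n")
    os.chmod(owner_only, 0o600)
    os.chmod(world_writable, 0o666)  # any local user could edit this one
    os.symlink(owner_only, symlink)

    results = {}
    candidates = (("owner_only", owner_only),
                  ("world_writable", world_writable),
                  ("symlink", symlink))
    for label, p in candidates:
        fd, reason = open_trusted_file(p)
        if fd is not None:
            os.close(fd)
        results[label] = reason
    results["loaded"] = read_trusted_rules(owner_only)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The parent-directory check matters as much as the file check: a directory writable by others lets a user replace the file wholesale, however tight the file's own mode is. Even with these checks, loading Python from a path under a user's home directory while running as root is a design the advisory is right to flag; the check only reduces the set of users who can plant the file.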
Deserialization of Untrusted Data
Overview: picklescan is a security scanner detecting Python Pickle files performing suspicious actions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the operator.methodcaller function. An attacker can execute arbitrary code by crafting a malicious pickle...
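How a loader can refuse the global this advisory names before it is imported, as an added example. This is not picklescan's code and does not reproduce its bypass: the pickle below is hand-assembled here from opcodes, references operator.methodcaller, and is harmless (it builds a callable that upper-cases a string). The block pairs a static pass that lists every global a pickle would import with the allowlisting Unpickler.find_class override described in the Python documentation. The ALLOWED set is illustrative.

```python
import io
import pickle
import pickletools
from collections import OrderedDict

# Constructed sample pickle (hand-assembled opcodes, not a real attack payload):
# it makes the unpickler import operator.methodcaller and call it, so load()
# returns a callable chosen by the data, not by the program.
PAYLOAD = (
    b"coperator\nmethodcaller\n"  # GLOBAL  -> push operator.methodcaller
    b"S'upper'\n"                 # STRING  -> push 'upper'
    b"\x85"                       # TUPLE1  -> ('upper',)
    b"R"                          # REDUCE  -> methodcaller('upper')
    b"."                          # STOP
)

STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def list_globals(data: bytes):
    """Static pass: every (module, name) the pickle would import.

    GLOBAL carries "module name" as its argument; STACK_GLOBAL (protocol 4)
    consumes the two most recently pushed strings, tracked here approximately.
    """
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
        elif op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            found.append((strings[-2], strings[-1]))
    return found


class RestrictedUnpickler(pickle.Unpickler):
    """Allowlist, not denylist: any global not named here is refused."""

    ALLOWED = {
        ("collections", "OrderedDict"),
        ("builtins", "set"),
        ("builtins", "frozenset"),
    }

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo() -> dict:
    results = {"globals": list_globals(PAYLOAD)}
    # Plain pickle.loads performs the REDUCE and hands back the callable.
    results["plain_load"] = pickle.loads(PAYLOAD)("abc")
    try:
        restricted_loads(PAYLOAD)
        results["restricted"] = "accepted"
    except pickle.UnpicklingError as exc:
        results["restricted"] = f"rejected: {exc}"
    # Legitimate data that needs only allowlisted globals still round-trips.
    benign = pickle.dumps(OrderedDict(a=1, b=2))
    results["benign_roundtrip"] = restricted_loads(benign) == OrderedDict(a=1, b=2)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

A denylist scanner has to enumerate every module and callable that can be abused, and an entry like this one shows what happens when one is missed. Allowlisting in find_class inverts the problem: the loader names the handful of classes the application actually expects and refuses everything else, and the static pass gives the same answer without executing anything.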