PT-2026-37778

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution...

Google Android ADB Authentication Bypass Vulnerability

Android is an open source mobile operating system developed by Google, widely used in smartphones, tablets, smart TVs, cars and various IoT devices, providing core capabilities such as application operation, device management, network communication, debugging and security control, etc. Android...

PT-2026-37775

The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution...

PT-2026-37776

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7...

PT-2026-38276

Name of the Vulnerable Software and Affected Versions JupyterLab versions prior to 4.5.7 Jupyter Notebook versions prior to 7.5.6 Description The HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements. Because CommandLinker listens for all click events...

RockyLinux 9 : golang (RLSA-2026:10219)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:10219 advisory. golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 crypto/tls: golang: Go crypto/tls: Denial of Service via...

RHEL 9 : golang (RHSA-2026:10219)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:10219 advisory. The golang packages provide the Go programming language compiler. Security Fixes: golang: internal/syscall/unix: Root.Chmod can follow...

RockyLinux 8 : go-toolset:rhel8 (RLSA-2026:10704)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:10704 advisory. golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 crypto/tls: golang: Go crypto/tls: Denial of Service via...

RHEL 8 : LibRaw (RHSA-2026:14224)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:14224 advisory. LibRaw is a library for reading RAW files obtained from digital photo cameras CRW/CR2, NEF, RAF, DNG, and others. Security Fixes: LibRaw:...

RHEL 10 : golang (RHSA-2026:10217)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:10217 advisory. The golang packages provide the Go programming language compiler. Security Fixes: golang: internal/syscall/unix: Root.Chmod can follow...

AlmaLinux 10 : systemd (ALSA-2026:13651)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:13651 advisory. systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data CVE-2026-29111 Tenable has extracted the preceding description blo...

jdbi3-freemarker Vulnerable to Improper Neutralization of Special Elements Used in FreeMarker Template Engine

Summary Description An Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 vulnerability in Jdbi allows arbitrary command execution when an application using jdbi3-freemarker permits attacker-influenced text to reach FreemarkerEngine.parse as template source. This affec...

Arbitrary Code Injection

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Arbitrary Code Injection in the directInstall process. An attacker can execute arbitrary code on the server by uploading a specially crafted Z...

CVE-2026-40068 Claude Code arbitrary code execution via git worktree commondir trust dialog bypass

In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Co...

CVE-2026-40068

CVE-2026-40068 affects Claude Code versions 2.1.63–2.1.83. The vulnerability arises from trusting the git worktree commondir file without validating its contents, allowing a crafted repository to point to a previously trusted path. This could bypass the trust dialog and cause immediate execution ...

CVE-2026-36365

An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep functions in PostCompressionActions.cpp...

LibRaw: LibRaw: Arbitrary code execution via a specially crafted malicious file

A flaw was found in LibRaw. A remote attacker could exploit an integer overflow vulnerability by providing a specially crafted malicious file. This flaw, located in the uncompressedfpdngloadraw functionality, leads to a heap buffer overflow. Successful exploitation may result in arbitrary code...

Important: Red Hat Security Advisory: LibRaw security update

An update for LibRaw is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Important: Red Hat Security Advisory: LibRaw security update

An update for LibRaw is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Arbitrary Code Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Arbitrary Code Injection through the autoEvalCodeOnHTML process. An attacker can execute arbitrary JavaScript code in the browser context of any logged-in user by...