CVE-2026-22619

Eaton IPP is affected by insecure library loading in its executable, enabling arbitrary code execution if an attacker obtains the software package. The issue is mitigated by a fix available in the latest Eaton IPP version on Eaton’s download center. The public reports consistently describe the ro...

EUVD-2026-23166

MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code...

EUVD-2026-23163

WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine as well as on all hosts within the environment where the agent is installed...

EUVD-2026-23145

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

CVE-2026-6350

MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code...

CVE-2026-40504

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

CVE-2026-6363

A type confusion flaw was found in the V8 component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=495751197...

CVE-2026-6308

An out of bounds read flaw was found in the Media component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497412658...

CVE-2026-6348

WinMatrix agent by Simopro Technology is affected by a Missing Authentication vulnerability. The CVE-2026-6348 issue allows authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine and on all hosts in the environment where the agent is installed. Credent...

CVE-2026-6348 Simopro Technology｜WinMatrix - Missing Authentication

WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine as well as on all hosts within the environment where the agent is installed...

CVE-2026-40504

CVE-2026-40504 affects Creolabs Gravity prior to 0.9.6. A heap buffer overflow in gravity_vm_exec can be triggered by scripts containing many string literals at global scope, with insufficient bounds checking in gravity_fiber_reassign() that can corrupt heap metadata and lead to arbitrary code ex...

CVE-2026-40504

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code

Summary The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. The blocklist implemented in PluginSecurity.validateplugincode is incomplete and can be bypassed using several Python constructs that are not checked. An...

Arbitrary Code Injection

Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Arbitrary Code Injection via the PhpHelper::parseArrayToString process. An attacker can execute arbitrary PHP code as the web server user by injecting specially crafted input into...

Google Chrome PDFium Component Heap Buffer Overflow Vulnerability

Google Chrome is a web browser from Google, an American company. A heap buffer overflow vulnerability exists in the PDFium component of Google Chrome, which can be exploited by an attacker to execute arbitrary code in the sandbox via specially crafted PDF files...

PT-2026-33250

MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code...

PT-2026-33248

Name of the Vulnerable Software and Affected Versions WinMatrix agent affected versions not specified Description A missing authentication flaw allows authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine. This issue can lead to privilege escalation...

Google Chrome Codecs Component Memory Misreference Vulnerability (CNVD-2026-17817)

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in the Google Chrome Codecs component, which can be exploited by an attacker to execute arbitrary code in a sandbox via specially crafted HTML pages...

Gravity 安全漏洞

Gravity is a powerful, dynamically typed, lightweight, and embeddable programming language developed by Marco Bambini individually. It is used for procedural programming, object-oriented programming, functional programming, and data-driven programming. Versions of Gravity prior to 0.9.6 contained...

Google Chrome Permissions Component Memory Misreference Vulnerability

Google Chrome on Android is an American web browser for Android by Google. A memory misreference vulnerability exists in the Google Chrome Permissions component, which can be exploited by an attacker to execute arbitrary code via specially crafted HTML pages...