yTree 缓冲区错误漏洞

yTree is a terminal-based file management and directory browsing tool developed by Werner Bregulla. Versions 1.94 to 1.1 of yTree contain a buffer error vulnerability. This vulnerability stems from a stack buffer overflow, which could allow local attackers to execute arbitrary code by providing...

Mapscrn 缓冲区错误漏洞

Mapscrn is a software developed under the MSK open-source project. Version 2.0.3 of Mapscrn contains a buffer overflow vulnerability. This vulnerability stems from a stack buffer overflow, which could allow local attackers to execute arbitrary code or cause a denial-of-service attack by providing...

PT-2026-28275

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP...

EKG Gadu 缓冲区错误漏洞

EKG Gadu is a multi-protocol instant messaging client software developed by EKG Corporation. In versions EKG Gadu 1.9–pre+r2855-3+b1, there was a buffer error vulnerability. This vulnerability stemmed from local buffer overflows in username processing, which could allow local attackers to execute...

NRSS Reader 缓冲区错误漏洞

NRSS Reader is a desktop reading tool developed by NRSS Corporation, designed for subscribing to and reading RSS information sources. Version 0.3.9-1 of NRSS Reader contains a buffer overflow vulnerability. This vulnerability stems from a stack buffer overflow, which could allow local attackers t...

SIPp 访问控制错误漏洞

SIPp is an open-source SIP protocol testing tool and traffic generator developed by SIPp. Version 3.3 of SIPp contains a vulnerability related to access control, which stems from a stack buffer overflow. This vulnerability could allow unverified local attackers to execute arbitrary code...

TiEmu 缓冲区错误漏洞

TiEmu is a handheld emulator developed by the Linux Programmer Group. Versions of TiEmu 2.08 and earlier contained a buffer overflow vulnerability. This vulnerability stemmed from a stack buffer overflow, which could allow attackers to execute arbitrary code by exploiting insufficient input...

PT-2026-28231

JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 8150 bytes to overflow the stack, overwrite return...

CVE-2026-33491

Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.4, a stack-based buffer overflow vulnerability in the Zen C compiler allows attackers to cause a compiler crash or potentially execute arbitrary code by providing a specially crafted Zen C sour...

CVE-2026-27309

Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the Agentic Assistant validation process. An attacker can execute arbitrary server-side Python code by supplying input that causes the assistant to return malicious component code, which is then...

CVE-2026-27309

Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-27309 Substance3D - Stager | Use After Free (CWE-416)

Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-27309

CVE-2026-27309 affects Substance3D Stager up to version 3.1.7. It is a Use After Free (CWE-416) vulnerability that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. The CVSSv3.1 metrics indicate a ...

DEBIAN-CVE-2026-33938

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the @partial-block special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objects. When a helper...

CVE-2026-33938

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the @partial-block special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objects. When a helper...

CVE-2026-33881

Windmill CVE-2026-33881 affects the NativeTS executor in Windmill’s workspace environment. The flaw arises because workspace environment variable values are interpolated into JavaScript string literals without escaping single quotes, allowing a workspace admin to inject arbitrary JavaScript that ...

GHSA-C4R5-FXQW-VH93 Ruby LSP has arbitrary code execution through branch setting

Summary The rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a user opens a project containing a malicious .vscode/settings.json. Other editors that support workspace setting that get automatically...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via unsanitized interpolation of the branch setting in the Gemfile generation process. An attacker can execute arbitrary Ruby code by crafting a malicious .vscode/settings.json or equivalent workspace...

Arbitrary Code Injection

Overview smolagents is a 🤗 smolagents: a barebones library for agents. Agents write python code to call tools or orchestrate other agents. Affected versions of this package are vulnerable to Arbitrary Code Injection through the LocalPythonExecutor in the localpythonexecutor.py component. An...