USN-8114-1 gvfs vulnerabilities

It was discovered that the GVfs FTP backend incorrectly handled IP addresses and ports returned by passive mode responses. A malicious remote server could possibly use this issue to help scan for open ports. CVE-2026-28295 It was discovered that the GVfs FTP backend incorrectly handled crafted fi...

BIT-NGINX-INGRESS-CONTROLLER-2026-4342 ingress-nginx comment-based nginx configuration injection

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

capstone: Capstone: Heap buffer overflow via skipdata callback allows denial of service or arbitrary code execution.

A flaw was found in Capstone, a disassembly framework. A local attacker could exploit a heap buffer overflow vulnerability by providing a specially crafted skipdata callback. This flaw occurs because the skipdata length is not properly bounds-checked, which may allow an attacker to write beyond...

Moderate: Red Hat Security Advisory: compat-openssl11 security update

An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

KLA90951 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Heap buffer overflow vulnerability in WebAudio can be exploited to cause denial of service. 2...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a heap buffer overflow vulnerability that is caused by improper boundary checking in WebAudio. An attacker can exploit this vulnerability to execute arbitrary code on the system or cause an application to...

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an integer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on the system...

OpenSource-WorkShop Connect-CMS 代码注入漏洞

OpenSource-WorkShop Connect-CMS is a content management system used by the OpenSource-WorkShop company, designed for easy website creation. Versions of OpenSource-WorkShop Connect-CMS prior to 1.41.0 and 2.41.0 contain a code injection vulnerability. This vulnerability stems from issues with the...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a memory misreference vulnerability that can be exploited by an attacker to execute arbitrary code on the system...

PT-2026-27219

Security Advisory — Code Study Plugin Summary An authenticated user may be able to execute arbitrary code in the Code Study Plugin. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1 Description In the Code Study Plugin, an authenticated user could...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a heap buffer overflow vulnerability that is caused by incorrect boundary checking in WebGL. An attacker can exploit this vulnerability to execute arbitrary code on the system or cause an application to...

KLA90950 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Base can be exploited to...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a resource management error vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the sandbox via specially crafted HTML pages...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: gimp (UTSA-2026-006281)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006281 advisory. A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP Despeckle plug-in. The issue occurs due to unchecked multiplication of image dimension...

Siemens APE1808 Stack-based Buffer Overflow (CVE-2024-35279)

A stack-based buffer overflow vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary code or commands via crafted UDP packets through the CAPWAP control, provided the attacker were able to evade...

Siemens APE1808 Heap-based Buffer Overflow (CVE-2022-42475)

A heap-based buffer overflow vulnerability CWE-122in FortiOS SSL- VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute...

EUVD-2019-19950

DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files. Attackers can create a specially crafted .plf file containing shellcode and NOP sleds that overflows a...

EUVD-2019-19957

Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations,...

EUVD-2019-19959

JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger...

CVE-2019-25608

Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations,...