205950 matches found

Github Security Blog
added 2026/03/20 12:31 a.m. | 11 views

ingress-nginx comment-based nginx configuration injection

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

CVSS 8.8 | AI score 6.4 | EPSS 0.01494
Exploits: 1 | References: 5 | Affected Software: 1

CNNVD
added 2026/03/20 12:0 a.m. | 5 views

ScreenToGif security vulnerability

ScreenToGif is a screen recording and GIF creation tool developed by Nicke Manarin. Versions 2.42.1 and earlier of ScreenToGif contain a security vulnerability caused by DLL side-loading. This vulnerability could allow arbitrary code to be executed in user...

CVSS 7.8 | AI score 6 | EPSS 0.00224
Exploits: 1 | References: 1

CNNVD
added 2026/03/20 12:0 a.m. | 4 views

ASTER Terrapack security vulnerability

ASTER Terrapack is a series of Earth observation remote sensing data products developed by the Italian company ASTER. There is a security vulnerability in ASTER Terrapack, which stems from file uploads and may allow attackers to execute arbitrary code...

CVSS 8.8 | AI score 6.1 | EPSS 0.00396
Exploits: 0 | References: 5

Positive Technologies
added 2026/03/20 12:0 a.m. | 4 views

PT-2026-26625

The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack...

CVSS 8.8 | AI score 6 | EPSS 0.00396
Exploits: 0 | References: 8

Vulnrichment
added 2026/03/20 12:0 a.m. | 1 views

CVE-2025-67260

The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack...

AI score 6 | EPSS 0.00396
Exploits: 0 | References: 5

Cvelist
added 2026/03/20 12:0 a.m. | 21 views

CVE-2025-67260

The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack...

EPSS 0.00396
Exploits: 0 | References: 5

Tenable Nessus
added 2026/03/20 12:0 a.m. | 6 views

AlmaLinux 9 : capstone (ALSA-2026:4898)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:4898 advisory. capstone: Capstone: Memory corruption via unchecked vsnprintf return CVE-2025-68114 capstone: Capstone: Heap buffer overflow via skipdata callback allows...

CVSS 9.8 | AI score 7.7 | EPSS 0.00191
Exploits: 1 | References: 4

CNNVD
added 2026/03/20 12:0 a.m. | 4 views

D-Link DIR-513 security vulnerability

The D-Link DIR-513 is a wireless router product from D-Link Corporation. Version 1.10 of the D-Link DIR-513 contains a security vulnerability. This vulnerability stems from an issue with the formEasySetPassword function in the Web Service component, where the operation on the parameter curTime...

CVSS 9 | AI score 7.6 | EPSS 0.0061
Exploits: 1 | References: 7

CISA KEV Catalog
added 2026/03/20 12:0 a.m. | 7 views

Craft CMS Code Injection Vulnerability

Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code...

CVSS 10 | AI score 6.2 | EPSS 0.99803
In wild | Exploits: 14

Redos
added 2026/03/20 12:0 a.m. | 3 views

ROS-20260320-73-0011

A vulnerability in the cmd/cgo component of the Go programming language is related to incorrect code generation control. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...

CVSS 8.6 | AI score 7.5 | EPSS 0.00205
Exploits: 0

Tenable Nessus
added 2026/03/20 12:0 a.m. | 5 views

AlmaLinux 10 : vim (ALSA-2026:4715)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:4715 advisory. vim: Vim: Arbitrary code execution via 'helpfile' option processing CVE-2026-25749 Tenable has extracted the preceding description block directly from the AlmaLin...

CVSS 6.6 | AI score 6.4 | EPSS 0.00213
Exploits: 1 | References: 3

Kaspersky
added 2026/03/20 12:0 a.m. | 6 views

KLA90974 Multiple vulnerabilities in Apache Tomcat

Multiple vulnerabilities were found in Apache Tomcat. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Configured cipher preference order not preserved...

CVSS 9.1 | AI score 6 | EPSS 0.03645
Exploits: 2 | References: 3

RedHat Linux
added 2026/03/19 11:51 p.m. | 2 views

capstone: Capstone: Heap buffer overflow via skipdata callback allows denial of service or arbitrary code execution.

A flaw was found in Capstone, a disassembly framework. A local attacker could exploit a heap buffer overflow vulnerability by providing a specially crafted skipdata callback. This flaw occurs because the skipdata length is not properly bounds-checked, which may allow an attacker to write beyond...

CVSS 7.8 | AI score 6.2 | EPSS 0.00191
Exploits: 1 | References: 6

EUVD
added 2026/03/19 10:6 p.m. | 11 views

EUVD-2026-13271

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --compress-program flag to execute arbitrary external programs without operator approval in allowlist...

CVSS 6.3 | AI score 6 | EPSS 0.00286
Exploits: 0 | References: 3

RedHat Linux
added 2026/03/19 9:35 p.m. | 13 views

capstone: Capstone: Heap buffer overflow via skipdata callback allows denial of service or arbitrary code execution.

A flaw was found in Capstone, a disassembly framework. A local attacker could exploit a heap buffer overflow vulnerability by providing a specially crafted skipdata callback. This flaw occurs because the skipdata length is not properly bounds-checked, which may allow an attacker to write beyond...

CVSS 7.8 | AI score 7.7 | EPSS 0.00191
Exploits: 1 | References: 6

RedHat Linux
added 2026/03/19 9:14 p.m. | 2 views

capstone: Capstone: Heap buffer overflow via skipdata callback allows denial of service or arbitrary code execution.

A flaw was found in Capstone, a disassembly framework. A local attacker could exploit a heap buffer overflow vulnerability by providing a specially crafted skipdata callback. This flaw occurs because the skipdata length is not properly bounds-checked, which may allow an attacker to write beyond...

CVSS 7.8 | AI score 6.2 | EPSS 0.00191
Exploits: 1 | References: 6

Ubuntu
added 2026/03/19 5:31 p.m. | 5 views

USN-8105-2: FreeRDP regression

USN-8105-1 fixed vulnerabilities in FreeRDP. The update introduced a regression which could cause FreeRDP to crash. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that FreeRDP incorrectly handled certain RDP packets. A remote attack...

AI score 6.1
Exploits: 0 | References: 1

OSV
added 2026/03/19 5:31 p.m. | 3 views

USN-8105-2 freerdp3 regression

USN-8105-1 fixed vulnerabilities in FreeRDP. The update introduced a regression which could cause FreeRDP to crash. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that FreeRDP incorrectly handled certain RDP packets. A remote attack...

CVSS 7.5 | AI score 6 | EPSS 0.00346
Exploits: 1 | References: 2

NVD
added 2026/03/19 2:16 p.m. | 6 views

CVE-2025-71260

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE paramete...

CVSS 8.8 | EPSS 0.3436
Exploits: 1 | References: 3

RedHat Linux
added 2026/03/19 12:13 p.m. | 6 views

gimp: GIMP: Remote Code Execution via XWD file parsing vulnerability

A flaw was found in GIMP. A remote attacker can exploit this out-of-bounds write vulnerability by tricking a user into opening a specially crafted XWD X Window Dump file. This issue occurs due to improper validation of user-supplied data during XWD file parsing, leading to a write past the end of...

CVSS 7.8 | AI score 6.2 | EPSS 0.00518
Exploits: 0 | References: 6