RHEL 8 : vim (RHSA-2026:4442)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:4442 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via 'helpfile' option...

EUVD-2019-19737

Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. Attackers can craft a username with a payload containing 4059 bytes of padding followed by a nseh...

CVE-2026-2368

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code...

CVE-2026-0940

CVE-2026-0940 concerns an improper initialization vulnerability in the BIOS of some ThinkPads. It could let a local privileged user modify data and execute arbitrary code. Affected software/hardware: ThinkPad BIOS firmware (on affected ThinkPad models). Root cause: improper initialization. Impact...

CVE-2026-0940

A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code...

CVE-2026-2368

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code...

CVE-2026-2368

CVE-2026-2368 involves an improper certificate validation vulnerability in the Lenovo Filez application. The issue could allow an attacker capable of intercepting network traffic to achieve arbitrary code execution on affected systems. From the provided metrics, the vulnerability has a high impac...

CVE-2026-2368

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code...

CVE-2026-27703

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. In 2026.01 and earlier, the default handler for the wellknowncore resource coapwellknowncoredefaulthandler writes user-provided option data and...

CVE-2026-27703

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. In 2026.01 and earlier, the default handler for the wellknowncore resource coapwellknowncoredefaulthandler writes user-provided option data and...

CVE-2026-27703 RIOT has an Out-of-Bounds Write in nanoCoAP Handler

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. In 2026.01 and earlier, the default handler for the wellknowncore resource coapwellknowncoredefaulthandler writes user-provided option data and...

CVE-2026-27703 RIOT has an Out-of-Bounds Write in nanoCoAP Handler

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. In 2026.01 and earlier, the default handler for the wellknowncore resource coapwellknowncoredefaulthandler writes user-provided option data and...

Arbitrary Code Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary Code Injection via the upstream API requests. An attacker can execute arbitrary code by injecting malicious prompts into requests. Remediation There is no fixed version for...

EUVD-2025-208595

An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrxevo component...

CVE-2019-25467

CVE-2019-25467 affects Verypdf docPrint Pro 8.0. The issue is a structured exception handling (SEH) buffer overflow in processing the User Password or Master Password fields during PDF encryption, enabling local code execution via an oversized alphanumeric-encoded payload with crafted shellcode, ...

CVE-2026-31852

Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests from forked repositories. Due to the workflow's elevated permissions nearly all write permissions, this vulnerability enables...

CVE-2026-31854 Cursor Affected by Arbitrary Code Execution via Prompt Injection and Whitelist Bypass

Cursor is a code editor built for programming with AI. Prior to 2.0 ,if a visited website contains maliciously crafted instructions, the model may attempt to follow them in order to “assist” the user. When combined with a bypass of the command whitelist mechanism, such indirect prompt injections...

CVE-2026-31854 Cursor Affected by Arbitrary Code Execution via Prompt Injection and Whitelist Bypass

Cursor is a code editor built for programming with AI. Prior to 2.0 ,if a visited website contains maliciously crafted instructions, the model may attempt to follow them in order to “assist” the user. When combined with a bypass of the command whitelist mechanism, such indirect prompt injections...

CVE-2026-31852

Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests from forked repositories. Due to the workflow's elevated permissions nearly all write permissions, this vulnerability enables...

CVE-2026-31852

CVE-2026-31852 affects the Jellyfin project, specifically the GitHub Actions workflow in jellyfin/jellyfin-ios (code-quality.yml). The root cause is an elevated-permissions workflow that accepts pull requests from forked repositories, enabling arbitrary code execution and full takeover of the jel...