CVE-2026-20777

CVE-2026-20777 affects The Biosig Project’s libbiosig 3.9.2 and Master Branch (db9a9a63). It is a heap-based buffer overflow in the Nicolet WFT parsing functionality , where a specially crafted .wft file can lead to arbitrary code execution . An attacker can supply a malicious file to trigger the...

Security update for postgresql14

This update for postgresql14 fixes the following issues: Update to version 14.22 bsc1258754. Security issues fixed: CVE-2026-2003: improper validation of type "oidvector" may allow disclose a few bytes of server memory bsc1258008. CVE-2026-2004: intarray missing validation of type of input to...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the SCRIPTSAFEPREEXEC definition in RangerRequestScriptEvaluator. An attacker can execute arbitrary OS commands by invoking scripts that rebuild the script context/engine e.g., via loadWithNewGlobal and...

Exploit for OS Command Injection in Anysphere Cursor

CVE PoC: MCP Server Config Swap in Claude Code Vulnerabilit...

CVE-2026-2448

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locatetemplate function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary fil...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security vulnerability that is due to an object lifecycle issue in PowerVR. An attacker can exploit the vulnerability to execute arbitrary code on the system...

D-Link DIR-513 安全漏洞

D-Link DIR-513 is a wireless router product from China's AUO D-Link. A buffer overflow vulnerability exists in the D-Link DIR-513 goform/formSetDomainFilter file, which originates from the parameter curTime in the goform/formSetDomainFilter file that fails to correctly validate the length of the...

PT-2026-22769

An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file...

PT-2026-23004

Name of the Vulnerable Software and Affected Versions Ghost versions 0.7.2 through 6.19.0 Description Ghost, a Node.js content management system, is affected by a code execution issue. Maliciously crafted themes can execute arbitrary code on the server. It is recommended to avoid installing...

Google Chrome 安全漏洞

Google Chrome is a free web browser developed by Google Inc. Google Chrome CSS suffers from a memory out-of-bounds read vulnerability that originates from out-of-bounds reads of memory buffer data, which can be exploited by remote attackers to execute arbitrary code...

VulnCheck KEV: CVE-2021-30952

An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution...

Cohesity TranZman 安全漏洞

Cohesity TranZman is a data migration and recovery software developed by Cohesity Corporation. Version 4.0 Build 14614 of Cohesity TranZman contains a security vulnerability. This vulnerability arises from the upload of any file with authenticated access, potentially allowing attackers with...

D-Link DIR-513 安全漏洞

D-Link DIR-513 is a wireless router product from China's AUO D-Link. The D-Link DIR-513 suffers from a stack buffer overflow vulnerability that originates from the failure of the parameter curTime in the file goform/formSetQoS to properly validate the length size of the input data, which can be...

EUVD-2025-208242

An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file...

CVE-2025-63910

An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file...

libbiosig 安全漏洞

Libbiosig is an open-source software library developed by the BioSig Project for biomedical signal processing. It includes functions for bio-signal analysis. Version 3.9.2 of Libbiosig contains a security vulnerability, which stems from a heap buffer overflow in the Nicolet WFT parsing function...

libbiosig 安全漏洞

Libbiosig is an open-source software library developed by the BioSig Project for biomedical signal processing. It includes functions for bio-signal analysis. Version 3.9.2 of Libbiosig contains a security vulnerability, which stems from a heap buffer overflow in the Intan CLP parsing function. Th...

PT-2026-22713

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locate template function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...

D-Link DIR-513 安全漏洞

D-Link DIR-513 is a wireless router product from China's AUO D-Link. The D-Link DIR-513 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on the system or cause a denial of service...

The Biosig Project libbiosig Intan CLP parsing heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2026-2361 The Biosig Project libbiosig Intan CLP parsing heap-based buffer overflow vulnerability March 3, 2026 CVE Number CVE-2026-22891 SUMMARY A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbios...