CVE-2026-2492

TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target syste...

CVE-2019-25441

thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the runcommand endpoint. Attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on...

CVE-2019-25441

The CVE-2019-25441 entry concerns thesystem 1.0, where an unauthenticated attacker can trigger a command injection via the run_command endpoint. The vulnerability allows posting shell commands in the command parameter to execute arbitrary system commands on the server. Impact is described as HIGH...

CVE-2026-2492

TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target syste...

CVE-2026-2492 TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target syste...

CVE-2026-27475

SPIP before 4.4.9 allows Insecure Deserialization in the public area through the tablevaleur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content a pre-condition requiring prior access or another vulnerability can trigger arbitrary...

K000160103: PostgreSQL vulnerability CVE-2022-2625

Security Advisory Description A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait...

OPENSUSE-SU-2026:20266-1 Security update for postgresql15

This update for postgresql15 fixes the following issues: Update to version 15.16. Security issues fixed: - CVE-2026-2003: improper validation of type "oidvector" may allow disclose a few bytes of server memory bsc1258008. - CVE-2026-2004: intarray missing validation of type of input to selectivit...

CVE-2025-52744

Summary: CVE-2025-52744 affects the WordPress plugin “Inpersttion For Theme” (err-our-team), with versions n/a through 1.0. The root cause is improper control of the generation of code, leading to arbitrary code execution (code injection). Affected software is vulnerable to code injection as desc...

CVE-2025-52744 WordPress Inpersttion For Theme plugin <= 1.0 - Arbitrary Code Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a through = 1.0...

CVE-2026-26065

A flaw was found in calibre. This path traversal vulnerability allows a local user to write arbitrary files with arbitrary content and extensions to any location where the user has write permissions. This occurs when processing specially crafted PDB Program Database e-book files. Successful...

Security update for postgresql18

This update for postgresql18 fixes the following issues: Update to version 18.2. Security issues fixed: CVE-2026-2003: improper validation of type "oidvector" may allow disclose a few bytes of server memory bsc1258008. CVE-2026-2004: intarray missing validation of type of input to selectivity...

SUSE-SU-2026:0585-1 Security update for postgresql18

This update for postgresql18 fixes the following issues: Update to version 18.2. Security issues fixed: - CVE-2026-2003: improper validation of type 'oidvector' may allow disclose a few bytes of server memory bsc1258008. - CVE-2026-2004: intarray missing validation of type of input to selectivity...

SUSE-SU-2026:0584-1 Security update for postgresql18

This update for postgresql18 fixes the following issues: Update to version 18.2. Security issues fixed: - CVE-2026-2003: improper validation of type 'oidvector' may allow disclose a few bytes of server memory bsc1258008. - CVE-2026-2004: intarray missing validation of type of input to selectivity...

CVE-2026-26050

The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

CVE-2025-69674

Buffer Overflow vulnerability in CDATA FD614GS3-R850 V3.2.7P161006 Build.0333.250211 allows an attacker to execute arbitrary code via the nodemac, nodeopt, optparam, and domainblk parameters of the meshnodeconfig and domiainblkconfig modules...

CVE-2026-26974

Slyde is a program that creates animated presentations from XML. In versions 0.0.4 and below, Node.js automatically imports /.plugin.js,mjs files including those from nodemodules, so any malicious package with a .plugin.js file can execute arbitrary code when installed or required. All projects...

KLA90897 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Integer overflow vulnerability in V8 can be exploited to cause execute arbitrary code and...

ROS-20260220-73-0007

A vulnerability in the mlx5 driver of the RDMA subsystem of the Linux kernel is related to the ability to use memory after it has been freed. Exploitation of the vulnerability could allow an attacker to escalate privileges, execute arbitrary code, or cause a denial of service...

Sricam DeviceViewer 安全漏洞

Sricam DeviceViewer is a monitoring video management software developed by Sricam Corporation. Version 3.12.0.1 of Sricam DeviceViewer contains a security vulnerability. This vulnerability stems from a stack buffer overflow issue in the user management feature, which may allow authenticated...