
205999 matches found

CNNVD
added 2026/02/20 12:0 a.m. | 8 views

D-Link DWR-M960 Security Vulnerability

The D-Link DWR-M960 is a router from China-based AUO D-Link. A buffer overflow vulnerability exists in the D-Link DWR-M960 formDdns file. The vulnerability stems from a misbehavior of the function sub4648F0 in the file /boafrm/formDdns in the DDNS Settings Handler component with respect to the...

CVSS 9 | AI score 6.4 | EPSS 0.0062
Exploits: 1 | References: 5

CNNVD
added 2026/02/20 12:0 a.m. | 6 views

PJSIP Security Vulnerability

PJSIP is a free and open-source multimedia communication library written in C. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. PJSIP versions 2.16 and earlier contain security vulnerabilities, which stem from a heap buffer...

CVSS 9.3 | AI score 6.5 | EPSS 0.0029
Exploits: 0 | References: 2

CNNVD
added 2026/02/20 12:0 a.m. | 8 views

ADB Explorer Security Vulnerability

ADB Explorer is an ADB user interface developed by Alex B as an individual developer. Versions of ADB Explorer prior to 0.9.26020 contain security vulnerabilities. These vulnerabilities stem from the lack of verification of the integrity or authenticity of the ADB binary path before execution, whi...

CVSS 7.8 | AI score 6.1 | EPSS 0.00175
Exploits: 0 | References: 3

CNNVD
added 2026/02/20 12:0 a.m. | 7 views

Slyde Security Vulnerability

Slyde is an animation demonstration program developed by Tygo van den Hurk as an individual developer. Versions of Slyde prior to 0.0.4 contained security vulnerabilities. These vulnerabilities stemmed from Node.js automatically importing the plugin.js file from the node_modules directory, which could allow...

CVSS 9.8 | AI score 6 | EPSS 0.0054
Exploits: 0 | References: 3

CNNVD
added 2026/02/20 12:0 a.m. | 9 views

MLflow Security Vulnerability

MLflow is an open-source platform that simplifies machine learning development. It includes features like tracking experiments, packaging code for reproducible runs, and sharing and deploying models. There is a security vulnerability in MLflow, which stems from the use of hardcoded default...

CVSS 9.8 | AI score 7.6 | EPSS 0.01126
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/20 12:0 a.m. | 6 views

PT-2026-21316

🚨 CVE-2019-25441 thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run command endpoint. Attackers can send POST requests with shell commands in the command parameter to execute...

CVSS 9.8 | AI score 6.3 | EPSS 0.08498
Exploits: 1 | References: 6

Tenable Nessus
added 2026/02/20 12:0 a.m. | 5 views

NI FlexRIO < 2025 Q1 Arbitrary Code Execution (CVE-2024-12740)

The version of NI FlexRIO installed on the remote Windows host is prior to 2025 Q1. It is, therefore, affected by an arbitrary code execution vulnerability: - NI FlexRIO uses a third-party library for image processing that exposes several vulnerabilities. These vulnerabilities may result in...

CVSS 7.8 | AI score 7.9 | EPSS 0.0019
Exploits: 0 | References: 2

Tenable Nessus
added 2026/02/20 12:0 a.m. | 39 views

Notepad++ < 8.9.2 Unsafe Search Path (GHSA-rjvm-fcxw-2jxq)

The version of Notepad++ installed on the remote host is prior to 8.9.2. It is, therefore, affected by a vulnerability: - An Unsafe Search Path vulnerability CWE-426 exists when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if...

CVSS 7.3 | AI score 9.2 | EPSS 0.00248
Exploits: 1 | References: 2

Positive Technologies
added 2026/02/20 12:0 a.m. | 11 views

PT-2026-21005

The installer for the job log aggregation/analysis software RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

CVSS 8.4 | AI score 5.8 | EPSS 0.0016
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/20 12:0 a.m. | 6 views

PT-2026-21312

Sricam DeviceViewer 3.12.0.1 contains a local buffer overflow vulnerability in the user management add user function that allows authenticated attackers to execute arbitrary code by bypassing data execution prevention. Attackers can inject a malicious payload through the Username field in User...

CVSS 8.4 | AI score 6.7 | EPSS 0.0032
Exploits: 1 | References: 4

Snyk
added 2026/02/19 8:29 p.m. | 3 views

Arbitrary Code Injection

Overview: dtale is a web client for visualizing pandas objects. Affected versions of this package are vulnerable to Arbitrary Code Injection via the /save-column-filter endpoint due to improper validation of input to pandas' DataFrame.query, which is used to construct column filters. An attacker can...

CVSS 9.8 | AI score 6.2 | EPSS 0.00712
Exploits: 0 | References: 2

Debian
added 2026/02/19 8:23 p.m. | 5 views

[SECURITY] [DSA 6143-1] libvpx security update

Debian Security Advisory DSA-6143-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 19, 2026 https://www.debian.org/security/faq ...

CVSS 8.8 | AI score 6.3 | EPSS 0.00454
Exploits: 0

Snyk
added 2026/02/19 7:34 p.m. | 4 views

Arbitrary Code Injection

Overview: semantic-kernel is a Semantic Kernel Python SDK. Affected versions of this package are vulnerable to Arbitrary Code Injection via the InMemoryVectorStore filter functionality due to lack of filtering for dangerous dunder attributes. An attacker can escape the sandbox and execute arbitrary...

CVSS 9.9 | AI score 6.1 | EPSS 0.02914
Exploits: 2 | References: 2

RedhatCVE
added 2026/02/19 7:21 p.m. | 5 views

CVE-2025-61982

An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A specially crafted OpenFOAM simulation file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 7.8 | AI score 6.7 | EPSS 0.0015
Exploits: 0 | References: 1

OSV
added 2026/02/19 5:28 p.m. | 5 views

GO-2026-4394 OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking in go.opentelemetry.io/otel/sdk

OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking in go.opentelemetry.io/otel/sdk...

CVSS 7 | AI score 5.6 | EPSS 0.00157
Exploits: 0 | References: 2

CVE
added 2026/02/19 3:57 p.m. | 20 views

CVE-2026-24834

CVE-2026-24834 affects Kata Containers before 3.27.0. A flaw in the interaction with Cloud Hypervisor allows a container user to modify the Guest micro VM’s filesystem, potentially achieving arbitrary code execution as root inside the VM. The host and other containers/VMs on the same host are not...

CVSS 9.3 | AI score 6.3 | EPSS 0.00225
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2026/02/19 3:57 p.m. | 22 views

CVE-2026-24834 Kata Container to Guest micro VM privilege escalation

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM...

CVSS 9.3 | EPSS 0.00225
Exploits: 1 | References: 3

OSV
added 2026/02/19 3:25 p.m. | 6 views

GHSA-WWJ6-VGHV-5P64 Kata Container to Guest micro VM privilege escalation

Summary: An issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM, ultimately achieving arbitrary code execution as root in said VM. The current understanding is this doesn’t impact the security of the Host or of other containers / V...

CVSS 5.2 | AI score 6.2 | EPSS 0.00225
Exploits: 1 | References: 5

Ubuntu
added 2026/02/19 1:16 p.m. | 9 views

USN-8053-1: libvpx vulnerability

It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code...

CVSS 8.8 | AI score 5.8 | EPSS 0.00454
Exploits: 0

ATTACKERKB
added 2026/02/19 12:2 p.m. | 4 views

CVE-2019-25427

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the antispyware endpoint. Attackers can send POST requests with JavaScript payloads in the DNSMASQWHITELIST or DNSMASQBLACKLIST...

CVSS 6.1 | AI score 5.8 | EPSS 0.00399
Exploits: 1 | References: 4 | Affected Software: 1