CVE-2026-0874

A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

CVE-2026-2630

A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted...

NLTK has a Zip Slip Vulnerability

A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when...

GHSA-7P94-766C-HGJP NLTK has a Zip Slip Vulnerability

A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when...

Incomplete List of Disallowed Inputs

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the scanpytorch function. An attacker can execute arbitrary code by crafting a malicious payload that...

Arbitrary Code Injection

Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Arbitrary Code Injection via the unzipiter function due to the lack of validation before unpacking untrusted downloaded packages. An attacker c...

Trivy Action has a script injection via sourced env file in composite action

Command Injection in aquasecurity/trivy-action via Unsanitized Environment Variable Export A command injection vulnerability exists in aquasecurity/trivy-action due to improper handling of action inputs when exporting environment variables. The action writes export VAR= lines to trivyenvs.txt bas...

CVE-2025-61982

An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A specially crafted OpenFOAM simulation file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2025-61982

An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A specially crafted OpenFOAM simulation file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

UBUNTU-CVE-2025-61982

An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A specially crafted OpenFOAM simulation file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

Arbitrary Code Injection

Overview megatron-bridge is a Megatron Bridge: Training Recipes for Megatron-based LLM and VLM models Affected versions of this package are vulnerable to Arbitrary Code Injection via the data shuffling tutorial process. An attacker can execute arbitrary code, escalate privileges, disclose sensiti...

Arbitrary Code Injection

Overview megatron-bridge is a Megatron Bridge: Training Recipes for Megatron-based LLM and VLM models Affected versions of this package are vulnerable to Arbitrary Code Injection via the data merging tutorial process. An attacker can execute arbitrary code, escalate privileges, disclose sensitive...

CVE-2025-61982

An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A specially crafted OpenFOAM simulation file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2025-61982

CVE-2025-61982 affects OpenCFD OpenFOAM 2506 and its Code Stream directive. A specially crafted simulation file can trigger arbitrary code execution, with an attacker able to provide a malicious file. The CVE has a CVSS v3.1 base score of 7.8 (HIGH) and is a LOCAL, low-attack-vector with user int...

CVE-2025-61982

An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A specially crafted OpenFOAM simulation file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2025-61982

An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A specially crafted OpenFOAM simulation file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

freerdp: FreeRDP: Arbitrary code execution and denial of service via malicious server

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can exploit a use-after-free vulnerability by enticing a client to connect to it. This can lead to a client-side crash, resulting in a Denial of Service DoS, and potentially allow for arbitrary...

freerdp: FreeRDP: Denial of Service and potential code execution via client-side heap buffer overflow

A flaw was found in FreeRDP. A malicious server can exploit a client-side heap buffer overflow vulnerability in the gdiSurfaceToSurface path. This vulnerability, caused by a mismatch in memory handling, can lead to a crash Denial of Service of the client application. Furthermore, it carries a ris...

Remote Code Execution via Flow Studio Node Definitions

Description LOLLMS Flow Studio contains multiple code execution vulnerabilities via unsafe use of Python's exec function. Two distinct code paths allow arbitrary Python code execution on the server: 1. Direct Code Execution via/api/flows/testcode Admin endpoint File: backend/routers/flowstudio.py...

Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware

Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest. The version 8.9.2 update incorporates what maintainer Don Ho calls a "double lock" design th...