205999 matches found
CVE-2026-2296
CVE-2026-2296 affects the WordPress plugin Product Addons for Woocommerce – Product Options with Custom Fields (all versions up to 3.1.0). The root cause is insufficient validation of the 'operator' field in conditional logic rules, where unsanitized input is passed to PHP eval() inside evalCondi...
wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking
A path traversal flaw has been discovered in the python wheel tool. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the...
Important: Red Hat Security Advisory: python3.12-wheel security update
An update for python3.12-wheel is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Important: Red Hat Security Advisory: python-wheel security update
An update for python-wheel is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availab...
CVE-2025-70830
A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field...
CVE-2025-70828
An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration...
Directory Traversal
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Directory Traversal via the handling of module paths in the gateway configuration. An attacker can execute arbitrary code by supplying a crafted module path to the configuration if they...
KLA90896 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Heap buffer overflow vulnerability in PDFium can be exploited to cause denial of service. 2...
Autodesk Shared Components Buffer Error Vulnerability
Autodesk Shared Components is a component provided by Autodesk, Inc. in the United States. Autodesk Shared Components has a buffer error vulnerability. This vulnerability arises from the possibility of out-of-bounds write attacks during the parsing of specially crafted MODEL files, which can lead...
PT-2026-20489
Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD (affected versions not specified). Description: A specially designed MODEL file can trigger an Out-of-Bounds Write issue when processed by specific Autodesk products. Successful exploitation could allow an attacker to cause a...
OpenCFD OpenFOAM Security Vulnerability
OpenCFD OpenFOAM is a software toolkit developed by the British company OpenCFD, used for numerical simulation of continuum mechanics problems. Version OpenCFD OpenFOAM 2506 contains a security vulnerability, which stems from a defect in the Code Stream command function. This defect may allow...
PT-2026-20488
Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD (affected versions not specified). Description: A specially designed CATPART file can trigger an Out-of-Bounds Write issue when processed by specific Autodesk products. Successful exploitation could lead to a program crash, data...
NLTK Security Vulnerability
NLTK is an open-source natural language toolkit developed by NLTK. It is used to support research and development in natural language processing. NLTK has a security vulnerability that stems from the unzipiter function using zipfile.extractall without performing path validation or security checks...
PT-2026-20537
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a...
ChaosPro Security Vulnerability
ChaosPro is an open-source fractal geometry generation software developed by ChaosPro. Version 2.0 of ChaosPro contains a security vulnerability, which stems from buffer overflows in the handling of configuration file paths. This vulnerability could potentially allow arbitrary code to execute by...
Fedora 42 : gnupg2 (2026-59fdfa64f5)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-59fdfa64f5 advisory. Fix CVE-2026-24882: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution. Tenable has extracted the preceding description block directly...
RHEL 9 : python3.12-wheel (RHSA-2026:2866)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:2866 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
KLA90895 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Policy enforcement vulnerability in Frames can be exploited to cause denial of service. 2...
RHEL 10 : python-wheel (RHSA-2026:2865)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:2865 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...
Debian dsa-6139 : gimp - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6139 advisory. Debian Security Advisory DSA-6139-1 [email protected]...