CVE-2025-65715

An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace...

CVE-2025-65716

CVE-2025-65716 affects Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18. The issue allows attackers to execute arbitrary JavaScript code by uploading a crafted Markdown (.md) file, enabling local port enumeration and data exfiltration to a control domain. The vulnerability is tied ...

PT-2026-8346

Name of the Vulnerable Software and Affected Versions SOLIDWORKS eDrawings versions 2025 through 2026 Description An Out-Of-Bounds Read vulnerability exists in the EPRT file reading procedure. This could allow an attacker to execute arbitrary code by opening a specially crafted EPRT file...

PT-2026-8355

Name of the Vulnerable Software and Affected Versions Visual Studio Code Extensions Markdown Preview Enhanced version 0.8.18 Description A flaw exists in Visual Studio Code Extensions Markdown Preview Enhanced version 0.8.18 that could allow attackers to execute arbitrary code. This is achieved b...

RHEL 10 : gnupg2 (RHSA-2026:2753)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:2753 advisory. The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards...

ALSA-2026:2719 Important: gnupg2 security update

The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fixes: GnuPG: GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution CVE-2026-24882 For more details about the security...

CVE-2019-25374 OPNsense 19.1 Reflected XSS via vpn_ipsec_settings.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthroughnetworks parameter in vpnipsecsettings.php. Attackers can craft POST requests with JavaScript payloads in the passthroughnetworks parameter to execu...

modelscan-bypass-poc

⚠️ ModelScan Bypass PoC — Security Research WARNING: This...

modelscan-bypass-poc

⚠️ ModelScan Bypass PoC — Security Research WARNING: This...

PT-2026-8247

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the mailserver parameter. Attackers can send POST requests to the monit interface with JavaScript payloads in the mailserver...

CVE-2026-1988

The Flexi Product Slider and Grid for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.5 via the flexipsgcarousel shortcode. This is due to the theme parameter being directly concatenated into a file path without proper sanitization ...

CVE-2026-26269

A flaw was found in Vim. A stack-based buffer overflow in the NetBeans integration can be triggered in the specialkeys function in the src/netbeans.c file via a malicious NetBeans server due to improper bounds checking, most likely resulting in a denial of service or in arbitrary command executio...

CVE-2025-70093

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response...

CVE-2026-25227

authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view Property Mapping or Can view Expression Policy is able to execute arbitrary code within the authentik server contain...

CVE-2025-54519

A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution...

CVE-2025-70093

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response...

CVE-2025-70093

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response...

CVE-2025-29950

Improper input validation in system management mode SMM could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution...

CVE-2025-29951

A buffer overflow in the AMD Secure Processor ASP bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution...

CVE-2024-36355

Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 sleep wake up, potentially resulting in arbitrary code execution...