Adobe Experience Manager Forms - Insecure Deserialization

Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user...

Nuxeo <10.3 - Remote Code Execution

Nuxeo prior to version 10.3 is susceptible to an unauthenticated remote code execution vulnerability via server-side template injection. id: CVE-2018-16341 info: name: Nuxeo 10.3 - Remote Code Execution author: madrobot severity: high description: | Nuxeo prior to version 10.3 is susceptible to a...

Avigilon ACM - Host Header Injection

A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL. id: CVE-2025-56266 info: name: Avigilon ACM - Host Header Injection author: DhiyaneshDK severity: medium description: | A Host Header Injection vulnerability in...

CVE-2025-69981

FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...

CVE-2025-70560

Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achie...

CVE-2025-65875

An arbitrary file upload vulnerability in the AddFont function of FPDF v1.86 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file...

ingress-nginx's `rules.http.paths.path` Ingress field can be used to inject configuration into nginx

A security issue was discovered in ingress-nginx. Tthe rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that in...

Docker Desktop 安全漏洞

Docker Desktop is a desktop software from the American company Docker, designed for lightweight application deployment using container technology. This product provides a desktop environment that allows creating containers lightweight virtual machines on Linux/Windows/Mac OS systems, as well as...

EUVD-2025-206818

An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information...

Autodesk 3ds Max 缓冲区错误漏洞

Autodesk 3ds Max is a full-featured 3D computer graphics software developed by Autodesk, Inc. Autodesk 3ds Max has a buffer error vulnerability, which stems from memory corruption during the parsing of specially crafted RGB files. This vulnerability may allow for the execution of arbitrary code...

PT-2026-6266

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.4.8 Description n8n is a workflow automation platform. A flaw in the Python Code node allows authenticated users to bypass the Python sandbox and run code outside the intended security limits. The vulnerability allows f...

PT-2026-6015

Name of the Vulnerable Software and Affected Versions Autodesk 3ds Max affected versions not specified Description A specially designed GIF file, when processed by Autodesk 3ds Max, can lead to a Stack-Based Buffer Overflow. An attacker could exploit this to execute arbitrary code with the...

Important: python3.12-wheel security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

ALSA-2026:1902 Important: python-wheel security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

PT-2026-5807

Name of the Vulnerable Software and Affected Versions ProShow Producer version 9.0.3797 Description The software contains an unquoted service path vulnerability within the ScsiAccess service. This allows local attackers to potentially execute arbitrary code. Exploitation involves leveraging the...

PT-2026-6017

Name of the Vulnerable Software and Affected Versions Autodesk 3ds Max affected versions not specified Description A specially designed project directory, when used to open a max file in Autodesk 3ds Max, may allow for the execution of arbitrary code with the privileges of the current process. Th...

Autodesk 3ds Max 代码问题漏洞

Autodesk 3ds Max is a full-featured 3D computer graphics software developed by Autodesk, Inc. There are code vulnerabilities in Autodesk 3ds Max. These vulnerabilities stem from the use of untrusted search paths when opening max files, which may lead to the execution of arbitrary code...

Langroid 代码注入漏洞

Langroid is an open-source tool developed using multi-agent programming for LLM tasks. Versions of Langroid prior to 0.59.32 had a code injection vulnerability. This vulnerability stemmed from a bypass in the TableChatAgent’s invocation of the pandaseval tool, which could allow arbitrary code to ...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : GNU C Library vulnerabilities (USN-8005-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8005-1 advisory. Vitaly Simonovich discovered that the GNU C Library did not properly initialize the input when...

Autodesk 3ds Max 安全漏洞

Autodesk 3ds Max is a full-featured 3D computer graphics software developed by Autodesk, Inc. There is a security vulnerability in Autodesk 3ds Max, which stems from a stack buffer overflow issue during the parsing of specially crafted GIF files. This vulnerability may allow for the execution of...