CVE-2026-22221 Command Injection Vulnerability on TP-Link Archer BE230 v1.2

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2vpn modules allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity...

openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

A flaw was found in OpenSSL. When processing a specially crafted PKCS12 Personal Information Exchange Syntax Standard file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSLuni2utf8 function, leads to memory corruption by writing data...

CVE-2025-14914

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution...

kernel: Linux kernel erofs: Use-After-Free due to device type mismatch

A flaw was found in the Linux kernel's erofs filesystem. A local attacker could exploit a use-after-free UAF vulnerability by mounting an erofs filesystem with a specific configuration where the primary and extra devices have mismatched types. This improper handling of device initialization error...

CVE-2025-14914 IBM WebSphere Application Server Liberty Path Traversal

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution...

CVE-2025-14914

CVE-2025-14914 affects IBM WebSphere Application Server Liberty, specifically versions 17.0.0.3 through 26.0.0.1. The issue allows a privileged user to upload a zip archive containing path traversal sequences that can overwrite files and lead to arbitrary code execution. The formal vulnerability ...

CVE-2025-14914

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution...

CVE-2025-14914 IBM WebSphere Application Server Liberty Path Traversal

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution...

GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write

A flaw was found in GnuPG. An attacker can provide crafted input to the armorfilter function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code...

CVE-2026-1761 Libsoup: stack-based buffer overflow in libsoup multipart response parsingmultipart http response

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption...

mlflow Creates of Temporary File in Directory with Insecure Permissions

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...

GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write

A flaw was found in GnuPG. An attacker can provide crafted input to the armorfilter function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code...

CVE-2025-10279

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...

CVE-2025-10279

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...

CVE-2024-2356

A Local File Inclusion LFI vulnerability exists in the '/reinstallextension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post"/reinstallextension" route. This vulnerability allows attackers to inject a malicious name parameter, leading ...

CVE-2024-2356

The CVE-2024-2356 family affects parisneo/lollms-webui, with a Local File Inclusion (LFI) in the /reinstall_extension endpoint. The vulnerability targets the name parameter of the POST route, allowing an attacker to inject a malicious value that causes the server to load and execute arbitrary Pyt...

CVE-2025-10279 Privilege Escalation in mlflow/mlflow

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...

Arbitrary Code Execution

Orval is vulnerable to Arbitrary Code Execution. The vulnerability is due to incomplete sanitization of untrusted input during code generation, where insufficient escaping in jsStringEscape allows attackers to inject executable JavaScript using only non-alphanumeric characters via JSFuck...

Improper Access Control

Kottster is vulnerable to Improper Access Control. The vulnerability is due to insecure handling of development-mode functionality, which allows an unauthenticated attacker to execute arbitrary code on the server when the application is running in development mode...

GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write

A flaw was found in GnuPG. An attacker can provide crafted input to the armorfilter function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code...