PT-2026-46086

Summary The HTTP handler / log in lib/server.js lines 491–515 of browserstack-runner passes unauthenticated user-supplied data to vm.runInNewContext combined with eval, enabling a sandbox escape and arbitrary code execution on the host system. Details When browserstack-runner starts, it creates a...

PT-2026-46090

Summary Due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. Impact If the following conditions are met, an attacker can execute arbitrary commands on the...

PT-2026-46099

Summary Using CookieJar.load with untrusted input may allow arbitrary code execution. Impact Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications. Workaround If an application does allow attacker controlled files to be...

CVE-2026-36574

A DLL hijacking vulnerability in Wassimulator GitHub CactusViewer v2.3.0 allows attackers to escalate privileges and execute arbitrary code via a crafted DLL...

Cactus Image Viewer 安全漏洞

Cactus Image Viewer is a Windows single-file image viewing tool developed by Wassim Alhajomar. Version 2.3.0 of Cactus Image Viewer has a security vulnerability caused by DLL hijacking, which may allow attackers to elevate privileges and execute arbitrary code through a specially crafted DLL...

Synology Active Backup for Business Recovery Media Creator 安全漏洞

Synology Active Backup for Business Recovery Media Creator is a tool developed by the Chinese company Synology, designed to generate system recovery boot media and perform device disaster recovery operations. Versions of Synology Active Backup for Business Recovery Media Creator prior to 2.5.0-20...

ROS-20260603-73-0003

The vulnerability in rubygem-activestorage relates to insufficient checking of the intentions by the recipient of the broadcast message. Exploiting this vulnerability allows a perpetrator to execute arbitrary code...

RockyLinux 10 : python3.12 (RLSA-2026:19064)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19064 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375...

RockyLinux 9 : nginx:1.24 (RLSA-2026:19371)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19371 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the RockyLinux security...

RockyLinux 10 : postgresql16 (RLSA-2026:19010)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19010 advisory. postgresql: PostgreSQL oidvector discloses a few bytes of memory CVE-2026-2003 postgresql: PostgreSQL missing validation of multibyte character length...

Linux Distros Unpatched Vulnerability : CVE-2026-47331

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race...

MiracleLinux 8 : flatpak-1.12.9-4.el8_10 (AXSA:2026-753:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-753:02 advisory. flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on...

RockyLinux 9 : systemd (RLSA-2026:19213)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19213 advisory. systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data CVE-2026-29111 Tenable has extracted the preceding description blo...

RockyLinux 10 : systemd (RLSA-2026:19068)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19068 advisory. systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data CVE-2026-29111 Tenable has extracted the preceding description...

CVE-2021-4481

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...

CVE-2022-4991

Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an...

CVE-2026-44709

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, pamusb-pinentry reads the PINENTRYFALLBACKAPP environment variable and executes it directly without any validation. Any process that can set environment variables before pamusb-pinentry is invoked ca...

CVE-2021-4481

CVE-2021-4481 involves Dräger Protector Software, prior to version 6.4.2, which has a local privilege escalation vulnerability caused by insecure file system permissions. According to the connected records, this allows local attackers to replace binaries or loaded modules on the host and execute ...

CVE-2021-4480 Dräger Protector Software Local Privilege Escalation via Insecure File Permissions

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...

CVE-2026-34993

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...