206094 matches found

CNNVD
added 2026/01/23 12:0 a.m., 5 views

Softros LAN Messenger code-related vulnerabilities

Softros LAN Messenger is an instant messaging system for local area networks developed by the American company Softros. Version 9.6.4 of Softros LAN Messenger contains a code vulnerability caused by an unquoted service path, which may lead to the execution of arbitrary code...

CVSS 8.5 | AI score 6.1 | EPSS 0.00119
Exploits 0 | References 3

Positive Technologies
added 2026/01/23 12:0 a.m., 7 views

PT-2026-4503

Name of the Vulnerable Software and Affected Versions: dataSIMS Avionics ARINC 664-1 version 4.5.3. Description: The software contains a local buffer overflow that allows attackers to overwrite memory. This is achieved by manipulating the milstd1553result.txt file. An attacker can create a malicious...

CVSS 8.4 | AI score 6.3 | EPSS 0.00148
Exploits 0 | References 6

CNNVD
added 2026/01/23 12:0 a.m., 7 views

Moodle security vulnerabilities

Moodle is an open-source e-learning software platform developed by Moodle, also known as a course management system, learning management system, or virtual learning environment. There are security vulnerabilities in Moodle; these vulnerabilities stem from insufficient input validation, which may...

CVSS 8.8 | AI score 6 | EPSS 0.00528
Exploits 0 | References 1

CNNVD
added 2026/01/23 12:0 a.m., 5 views

Discord code-related vulnerabilities

Discord is a free chat service provided by the Discord company. Discord has code-related vulnerabilities; one of these vulnerabilities stems from the discordrpc module loading files from insecure locations, which may lead to privilege escalation and the execution of arbitrary code...

CVSS 7.3 | AI score 7.5 | EPSS 0.0036
Exploits 1 | References 1

CNNVD
added 2026/01/23 12:0 a.m., 5 views

Softros LogonExpert code issue vulnerability

Softros LogonExpert is a security automatic login management tool developed by the American company Softros. Version 8.1 of Softros LogonExpert contains a code vulnerability; this vulnerability arises from the service path not being enclosed in quotes, which may allow arbitrary code to be execute...

CVSS 8.5 | AI score 6 | EPSS 0.0012
Exploits 0 | References 4

CNNVD
added 2026/01/23 12:0 a.m., 9 views

MCP Manager for Claude Desktop: Operating System Command Injection Vulnerability

MCP Manager for Claude Desktop is a context-based protocol management software developed by zue’s individual developers. MCP Manager for Claude Desktop has a vulnerability related to operating system command injection. This vulnerability arises from the lack of validation of the strings provided ...

CVSS 8.8 | AI score 7.5 | EPSS 0.01253
Exploits 0 | References 1

CNNVD
added 2026/01/23 12:0 a.m., 3 views

ToDesktop Builder security vulnerabilities

ToDesktop Builder is a desktop application building tool developed by ToDesktop Company in Ireland. Version 0.33.1 of ToDesktop Builder contains a security vulnerability. This vulnerability stems from reflective cross-site scripting, which could allow attackers to execute arbitrary code in the...

CVSS 5.9 | AI score 6.1 | EPSS 0.00262
Exploits 0 | References 3

Cvelist
added 2026/01/23 12:0 a.m., 27 views

CVE-2025-67231

A reflected cross-site scripting (XSS) vulnerability in ToDesktop Builder v0.33.1 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload...

EPSS 0.00262
Exploits 0 | References 2

Tenable Nessus
added 2026/01/23 12:0 a.m., 5 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : GLib vulnerability (USN-7971-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7971-1 advisory. It was discovered that GLib incorrectly handled the buffered input stream API. An attacker could use this issue to cause GLib to crash,...

CVSS 3.7 | AI score 6.2 | EPSS 0.00396
Exploits 0 | References 2

OSV
added 2026/01/22 10:41 p.m., 8 views

CVE-2026-24129 Runtipi is Vulnerable to Authenticated Arbitrary Remote Code Execution

Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManage...

CVSS 8 | AI score 6 | EPSS 0.00459
Exploits 1 | References 5

Snyk
added 2026/01/22 8:26 p.m., 4 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal due to using an image with a metadata.yaml containing templates. An attacker can read or overwrite arbitrary files on the host system, potentially leading to execution of arbitrary commands with elevated privileges, ...

CVSS 8.7 | AI score 6.3 | EPSS 0.00731
Exploits 1 | References 2

RedhatCVE
added 2026/01/22 8:22 p.m., 6 views

CVE-2025-69209

ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...

CVSS 6.9 | AI score 6.8 | EPSS 0.00149
Exploits 0 | References 1

NVD
added 2026/01/22 5:16 p.m., 7 views

CVE-2026-0533

A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local...

CVSS 8.1 | EPSS 0.0059
Exploits 0 | References 3

Vulnrichment
added 2026/01/22 4:59 p.m., 4 views

CVE-2026-0535 Stored XSS in Electronic Library Component Description

A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in...

CVSS 8.1 | AI score 5.9 | EPSS 0.00578
Exploits 0 | References 3

CVE
added 2026/01/22 4:59 p.m., 13 views

CVE-2026-0534

This CVE (CVE-2026-0534) affects Autodesk Fusion desktop application. The issue is a Stored Cross-site Scripting (XSS) vulnerability triggered by a malicious HTML payload stored in a part’s attribute and activated by user interaction, allowing an attacker to read local files or execute arbitrary ...

CVSS 8.1 | AI score 5.9 | EPSS 0.00469
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2026/01/22 4:59 p.m., 4 views

CVE-2026-0534 Stored XSS in the value of a part attribute

A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the...

CVSS 8.1 | AI score 5.9 | EPSS 0.00469
Exploits 0 | References 3

Cvelist
added 2026/01/22 4:58 p.m., 17 views

CVE-2026-0533 Stored XSS in Fusion desktop when attempting to delete a file

A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local...

CVSS 8.1 | EPSS 0.0059
Exploits 0 | References 3

CVE
added 2026/01/22 4:58 p.m., 20 views

CVE-2026-0533

Technical details (affected product/version, root cause, exploit specifics, impact, or fixes) are not publicly available in the provided documents. Monitor for updates from Autodesk and security advisories to obtain concrete details and remediation guidance.

CVSS 8.1 | AI score 5.9 | EPSS 0.0059
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2026/01/22 4:52 p.m., 20 views

CVE-2026-22469 WordPress DeepDigital theme <= 1.0.2 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection. This issue affects DeepDigital: from n/a through <= 1.0.2...

CVSS 5.3 | EPSS 0.00291
Exploits 0 | References 1

Cvelist
added 2026/01/22 4:52 p.m., 17 views

CVE-2025-69319 WordPress Beaver Builder plugin <= 2.9.4.1 - Arbitrary Code Execution vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Code Injection. This issue affects Beaver Builder: from n/a through <= 2.9.4.1...

CVSS 7.5 | EPSS 0.00273
Exploits 0 | References 1