
206119 matches found

Positive Technologies
added 2026/01/21 12:0 a.m. | 4 views

PT-2026-3811

ActivIdentity 8.2 contains an unquoted service path vulnerability in the ac.sharedstore service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\Common Files\ActivIdentity to inject malicious executables and escalat...

CVSS 8.5 | AI score 5.9 | EPSS 0.00127
Exploits: 0 | References: 4

CNNVD
added 2026/01/21 12:0 a.m. | 4 views

Moodle cross-site scripting vulnerabilities

Moodle is an open-source e-learning software platform developed by Moodle. It is also known as a course management system, learning management system, or virtual learning environment. Version 3.10.3 of Moodle contains a cross-site scripting vulnerability. This vulnerability stems from a persisten...

CVSS 7.2 | AI score 5.8 | EPSS 0.00309
Exploits: 1 | References: 4

Tenable Nessus
added 2026/01/21 12:0 a.m. | 6 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Dungeon Crawl Stone Soup vulnerability (USN-7969-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7969-1 advisory. David Mendenhall discovered that Dungeon Crawl Stone Soup was incorrectly handling Lua bytecode embedded in an uploaded .crawlrc file. An...

CVSS 9.8 | AI score 6.1 | EPSS 0.03923
Exploits: 0 | References: 2

Redos
added 2026/01/21 12:0 a.m. | 5 views

ROS-20260121-73-0027

Vulnerability in kernel-lt related to memory usage after memory release. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS 7.8 | AI score 7.8 | EPSS 0.00155
Exploits: 0

Snyk
added 2026/01/20 7:45 p.m. | 2 views

Arbitrary Code Injection

Overview: binary-parser is a blazing-fast binary parser builder. Affected versions of this package are vulnerable to Arbitrary Code Injection via malicious field names. An attacker can execute arbitrary JavaScript code by supplying untrusted values in the field names or encoding parameters, which a...

CVSS 9.8 | AI score 6.2 | EPSS 0.00505
Exploits: 0 | References: 2

Cvelist
added 2026/01/20 6:50 p.m. | 17 views

CVE-2026-1245

A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...

EPSS 0.00505
Exploits: 0 | References: 4

Snyk
added 2026/01/20 6:45 p.m. | 2 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection. An attacker can execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data by providing crafted input that is processed without proper validation. Remediation: A fix was...

CVSS 8.5 | AI score 5.8 | EPSS 0.00203
Exploits: 0 | References: 2

Snyk
added 2026/01/20 6:45 p.m. | 1 views

Deserialization of Untrusted Data

Overview: ply is a Python Lex & Yacc. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the picklefile parameter in the yacc function. An attacker can execute arbitrary code by supplying a specially crafted pickle file that is deserialized without validation...

CVSS 9.8 | AI score 6.1 | EPSS 0.1865
Exploits: 3 | References: 2

OSV
added 2026/01/20 6:31 p.m. | 3 views

GHSA-7JC7-G598-2P64 XDocReport affected by an XML External Entity (XXE) vulnerability

An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...

CVSS 9.8 | AI score 6.2 | EPSS 0.00492
Exploits: 1 | References: 7

UbuntuCve
added 2026/01/20 6:16 p.m. | 4 views

CVE-2025-33229

NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. A successful exploit of this vulnerability may lead to escalation of privileges,...

CVSS 7.3 | AI score 6.2 | EPSS 0.00159
Exploits: 0 | References: 4

NVD
added 2026/01/20 4:16 p.m. | 5 views

CVE-2025-64087

A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions...

CVSS 9.8 | EPSS 0.00504
Exploits: 1 | References: 5

NVD
added 2026/01/20 4:16 p.m. | 8 views

CVE-2025-65482

An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...

CVSS 9.8 | EPSS 0.00492
Exploits: 1 | References: 5

OSV
added 2026/01/20 4:16 p.m. | 4 views

CVE-2025-65482

An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...

CVSS 9.8 | AI score 6 | EPSS 0.00492
Exploits: 1 | References: 5

NVD
added 2026/01/20 3:16 p.m. | 4 views

CVE-2025-53854

A reflected cross-site scripting (XSS) vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1 | EPSS 0.00286
Exploits: 1 | References: 2

Vulnrichment
added 2026/01/20 2:49 p.m. | 3 views

CVE-2025-58080

A reflected cross-site scripting (XSS) vulnerability exists in the modifyHL7App functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1 | AI score 5.6 | EPSS 0.00235
Exploits: 1 | References: 1

Vulnrichment
added 2026/01/20 2:49 p.m. | 4 views

CVE-2025-58095

Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This...

CVSS 6.1 | AI score 5.6 | EPSS 0.0024
Exploits: 1 | References: 1

CVE
added 2026/01/20 2:49 p.m. | 12 views

CVE-2025-58092

MedDream PACS Premium 7.3.6.870 is affected by CVE-2025-58092 and related reflected XSS flaws in config.php (notably the phpexe parameter). A crafted URL can trigger arbitrary JavaScript execution, with impact limited to client-side script execution (per the provided CVSS details: Network access,...

CVSS 6.1 | AI score 5.6 | EPSS 0.00229
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2026/01/20 2:49 p.m. | 16 views

CVE-2025-58090

CVE-2025-58090 affects MedDream PACS Premium 7.3.6.870 and is due to multiple reflected XSS vulnerabilities in config.php. The TALOS report confirms several vulnerable parameters (uploaddir, archivedir, longtermdir, thumbnaiLdir, imagedir, phpdir, phpexe, phpdir, worklistsrc, etc.) where attacker...

CVSS 6.1 | AI score 5.6 | EPSS 0.00229
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/20 10:51 a.m. | 5 views

WordPress Nelio AB Testing plugin <= 8.1.8 - Arbitrary Code Execution vulnerability

Arbitrary Code Execution vulnerability discovered by daroo in WordPress Plugin Nelio AB Testing versions <= 8.1.8...

CVSS 9.1 | AI score 5.5 | EPSS 0.00489
Exploits: 0 | Affected Software: 1

Veracode
added 2026/01/20 10:2 a.m. | 6 views

Improper Security Checks For Unsafe Imports

Fickling is vulnerable to improper security checks for unsafe imports. The vulnerability is due to incomplete validation in the unsafeimports method of the static analyzer, which fails to flag certain high-risk Python modules, allowing an attacker to craft malicious pickle files that bypass safet...

CVSS 9.3 | AI score 6.1 | EPSS 0.00554
Exploits: 1 | References: 10 | Affected Software: 1