206127 matches found
CVE-2026-0863 Sandbox escape in n8n Python task runner allows for arbitrary code execution on the underlying host.
Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user with basic permissio...
[SECURITY] [DSA 6103-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6103-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 17, 2026 https://www.debian.org/security/faq -...
RLSA-2026:0728 Important: gnupg2 security update
The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fixes: GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write CVE-2025-68973 For more details about...
CVE-2025-65118
The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server...
CVE-2025-14237
Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06.02 a...
CVE-2025-14235
Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06....
Debian dsa-6103 : thunderbird - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6103 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6103-1 [email protected]...
RockyLinux 10 : gnupg2 (RLSA-2026:0697)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:0697 advisory. GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write CVE-2025-68973 Tenable has extracted the preceding descriptio...
GHSA-CC8M-98FM-RC9G Skipper is vulnerable to arbitrary code execution through lua filters
Impact Arbitrary code execution through lua filters. The default skipper configuration before v0.23 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The configuration...
Arbitrary Code Injection
Overview github.com/zalando/skipper is a HTTP router and reverse proxy for service composition Affected versions of this package are vulnerable to Arbitrary Code Injection via the default configuration -lua-sources=inline,file. An attacker can execute arbitrary code and access sensitive files by...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the default configuration -lua-sources=inline,file. An attacker can execute arbitrary code and access sensitive files by submitting malicious scripts when untrusted users are permitted to create lua filters...
CVE-2026-23742 Skipper arbitrary code execution through lua filters
Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The...
CVE-2026-23742 Skipper arbitrary code execution through lua filters
Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The...
EUVD-2026-2860
Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The...
CVE-2026-23722
WeGIA (Web Manager for Charitable Institutions) before version 3.6.2 contains a Reflected Cross-Site Scripting (XSS) flaw in html/memorando/insere_despacho.php where the id_memorando GET parameter is echoed into HTML without proper sanitization/encoding. This allows unauthenticated attackers to i...
CVE-2021-47847
Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Server\bin\disksrs.exe' to inject malicious...
CVE-2021-47847
Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Server\bin\disksrs.exe' to inject malicious...
CVE-2021-47847 Disk Sorter Server 13.6.12 - 'Disk Sorter Server' Unquoted Service Path
Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Server\bin\disksrs.exe' to inject malicious...
CVE-2021-47841
CVE-2021-47841 affects SnipCommand 0.1.0. The issue is a cross-site scripting vulnerability in command snippets that allows an attacker to inject malicious payloads and execute arbitrary code by embedding JavaScript that triggers remote command execution via file or title inputs. Sources across N...
CVE-2021-47828
CVE-2021-47828 relates to BOOTP Turbo 2.0.0.1253, where the Windows service bootpt.exe uses an unquoted service path. The underlying issue is an unquoted path in the service configuration, enabling elevated LocalSystem code execution during startup or reboot. Mitigation is to quote the service pa...