PT-2026-3151
Name of the Vulnerable Software and Affected Versions: SysGauge Server version 7.9.18. Description: The software contains an unquoted service path vulnerability in its binary path configuration. This allows local attackers to potentially execute arbitrary code. The vulnerability exists due to the...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002360)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002360 advisory. Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attacker...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002330)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002330 advisory. Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers t...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002834)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002834 advisory. An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002881)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002881 advisory. The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows...
Debian dla-4439 : firefox-esr - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4439 advisory. Debian LTS Advisory DLA-4439-1...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002053)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002053 advisory. Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002094)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002094 advisory. Multiple stack-based buffer overflows in the Near Field Communication Controller Interface (NCI) in the Linux kernel before 3.4.5 allow remote attackers to cause a...
RHEL 8 : gnupg2 (RHSA-2026:0728)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0728 advisory. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Securi...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002030)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002030 advisory. Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux...
Adobe Substance 3D Sampler <= 5.1.0 Out-of-bounds Write (APSB26-11)
The version of Adobe Substance 3D Sampler installed on the remote host is prior or equal to 5.1.0. It is, therefore, affected by an out-of-bounds write vulnerability as referenced in the APSB26-11 advisory. - Substance3D - Sampler versions 5.1.0 and earlier are affected by an out-of-bounds write...
ALSA-2026:0697 Important: gnupg2 security update
The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fixes: GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write (CVE-2025-68973). For more details about...
CVE-2023-54338
Tftpd32 SE 4.60 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be run with system-level...
CVE-2022-50917
ProtonVPN 1.26.0 contains an unquoted service path vulnerability in its WireGuard service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path by placing malicious executables in specific file system locations to gain elevated...
Arbitrary Code Injection
Overview: algolia/algoliasearch-magento-2 is an Algolia Search & Discovery extension for Magento 2. Affected versions of this package are vulnerable to Arbitrary Code Injection via the job execution process. An attacker can execute arbitrary PHP code by injecting malicious data into the database...
GHSA-595P-G7XC-C333 Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling
Impact: Versions of the Algolia Search & Discovery extension for Magento 2 prior to 3.17.2 and 3.16.2 contain a vulnerability where data read from the database was treated as a trusted source during job execution. If an attacker is able to modify records used by the extension’s indexing queue, thi...
Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling
Impact: Versions of the Algolia Search & Discovery extension for Magento 2 prior to 3.17.2 and 3.16.2 contain a vulnerability where data read from the database was treated as a trusted source during job execution. If an attacker is able to modify records used by the extension’s indexing queue, thi...
CVE-2026-23512
SumatraPDF has an Untrusted Search Path vulnerability in version 3.5.2 and earlier when the Advanced Options setting is triggered. The code path executes notepad.exe without an absolute path, allowing a malicious notepad.exe placed in the installation directory to run arbitrary code with local acc...
CVE-2026-23512 SumatraPDF has an Untrusted Search Path in sumatrapdf/src/AppTools.cpp
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is an Untrusted Search Path vulnerability when the Advanced Options setting is triggered. The application executes notepad.exe without specifying an absolute path when using the Advanced Options setting. On Windows, this allows...
CVE-2025-37169
A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system...