Lucene search
K

206141 matches found

Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.7 views

PT-2026-3151

Name of the Vulnerable Software and Affected Versions SysGauge Server version 7.9.18 Description The software contains an unquoted service path vulnerability in its binary path configuration. This allows local attackers to potentially execute arbitrary code. The vulnerability exists due to the...

8.5CVSS8.2AI score0.00214EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.5 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002360)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002360 advisory. Heap-based buffer overflow in the logidjllrawrequest function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attacker...

6.9CVSS7.9AI score0.00499EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.1 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002330)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002330 advisory. Heap-based buffer overflow in the tg3readvpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers t...

4.4CVSS7.5AI score0.00717EPSS
Exploits1References19
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002834)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002834 advisory. An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of...

7.6CVSS7.3AI score0.02341EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002881)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002881 advisory. The skbflowdissect function in net/core/flowdissector.c in the Linux kernel before 4.3 does not ensure that nproto, ipproto, and thoff are initialized, which allows...

10CVSS7.6AI score0.09652EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.3 views

Debian dla-4439 : firefox-esr - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4439 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4439-1 [email protected]...

9.8CVSS5.7AI score0.0057EPSS
Exploits0References28
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002053)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002053 advisory. Multiple buffer overflows in the commandportreadcallback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before...

6.9CVSS7.7AI score0.00596EPSS
Exploits0References22
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.4 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002094)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002094 advisory. Multiple stack-based buffer overflows in the Near Field Communication Controller Interface NCI in the Linux kernel before 3.4.5 allow remote attackers to cause a...

5CVSS6.4AI score0.0469EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.6 views

RHEL 8 : gnupg2 (RHSA-2026:0728)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0728 advisory. The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Securi...

7.8CVSS6.3AI score0.00129EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.1 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002030)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002030 advisory. Heap-based buffer overflow in the iscsiaddnotunderstoodresponse function in drivers/target/iscsi/iscsitargetparameters.c in the iSCSI target subsystem in the Linux...

7.9CVSS8.4AI score0.07313EPSS
Exploits1References15
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.4 views

Adobe Substance 3D Sampler <= 5.1.0 Out-of-bounds Write (APSB26-11)

The version of Adobe Substance 3D Sampler installed on the remote host is prior or equal to 5.1.0 It is, therefore, affected by a out-of-bounds write vulnerability as referenced in the APSB26-11 advisory. - Substance3D - Sampler versions 5.1.0 and earlier are affected by an out-of-bounds write...

7.8CVSS6.5AI score0.00162EPSS
Exploits0References2
OSV
OSV
added 2026/01/15 12:0 a.m.6 views

ALSA-2026:0697 Important: gnupg2 security update

The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fixes: GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write CVE-2025-68973 For more details about...

7.8CVSS7.7AI score0.00129EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/14 11:19 p.m.11 views

CVE-2023-54338

Tftpd32 SE 4.60 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be run with system-level...

8.5CVSS7.4AI score0.00123EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/14 11:18 p.m.7 views

CVE-2022-50917

ProtonVPN 1.26.0 contains an unquoted service path vulnerability in its WireGuard service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path by placing malicious executables in specific file system locations to gain elevated...

8.5CVSS7.3AI score0.00193EPSS
Exploits1References1
Snyk
Snyk
added 2026/01/14 9:46 p.m.7 views

Arbitrary Code Injection

Overview algolia/algoliasearch-magento-2 is an Algolia Search & Discovery extension for Magento 2 Affected versions of this package are vulnerable to Arbitrary Code Injection via the job execution process. An attacker can execute arbitrary PHP code by injecting malicious data into the database...

7.7CVSS8AI score
Exploits0References2
OSV
OSV
added 2026/01/14 9:46 p.m.3 views

GHSA-595P-G7XC-C333 Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling

Impact Versions of the Algolia Search & Discovery extension for Magento 2 prior to 3.17.2 and 3.16.2 contain a vulnerability where data read from the database was treated as a trusted source during job execution. If an attacker is able to modify records used by the extension’s indexing queue, thi...

6.9CVSS5.8AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/01/14 9:46 p.m.13 views

Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling

Impact Versions of the Algolia Search & Discovery extension for Magento 2 prior to 3.17.2 and 3.16.2 contain a vulnerability where data read from the database was treated as a trusted source during job execution. If an attacker is able to modify records used by the extension’s indexing queue, thi...

7.1AI score
Exploits0References4Affected Software1
CVE
CVE
added 2026/01/14 8:31 p.m.26 views

CVE-2026-23512

SumatraPDF has a Untrusted Search Path vulnerability in version 3.5.2 and earlier when the Advanced Options setting is triggered. The code path executes notepad.exe without an absolute path, allowing a malicious notepad.exe placed in the installation directory to run arbitrary code with local acc...

8.6CVSS7.4AI score0.00191EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/01/14 8:31 p.m.5 views

CVE-2026-23512 SumatraPDF has an Untrusted Search Path in sumatrapdf/src/AppTools.cpp

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability when Advanced Options setting is trigger. The application executes notepad.exe without specifying an absolute path when using the Advanced Options setting. On Windows, this allows...

8.6CVSS7.7AI score0.00191EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/14 8:22 p.m.6 views

CVE-2025-37169

A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system...

7.2CVSS7.7AI score0.00477EPSS
Exploits0References1
Rows per page
Query Builder