EUVD-2026-33164

Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. Chromium security severity: Medium...

ASUS System Control Interface 安全漏洞

ASUS System Control Interface is a computer system control interface developed by ASUS, a Chinese company. There is a security vulnerability in the ASUS System Control Interface, which stems from improper allocation of permissions for critical resources. This vulnerability could allow local users...

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 contains an operating system command injection vulnerability. This vulnerability...

Interinfo DreamMaker 代码问题漏洞

Interinfo DreamMaker is an application developed by Interinfo Corporation in China. Interinfo DreamMaker has a code vulnerability that stems from arbitrary file uploads. This vulnerability could allow unauthenticated remote attackers to upload and execute a Web shell backdoor, thereby enabling...

Interinfo DreamMaker 代码问题漏洞

Interinfo DreamMaker is an application developed by Interinfo Corporation in China. Interinfo DreamMaker has a code vulnerability that stems from arbitrary file uploads. This vulnerability could allow a privileged remote attacker to upload and execute a Web shell backdoor, thereby enabling...

Roslyn CodeLens MCP Server 安全漏洞

Roslyn CodeLens MCP Server is a Roslyn-based .NET code library tool for deep semantic analysis, developed by Marcel Roozekrans. Versions of Roslyn CodeLens MCP Server from 0.0.9 to 1.17.0 contain security vulnerabilities. These vulnerabilities stem from the getdiagnostics tool, which loads and...

CVE-2026-39276

The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containing directory traversal sequences in filenames, an attacker can overwrite default template files or...

CVE-2026-39276

The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containing directory traversal sequences in filenames, an attacker can overwrite default template files or...

PT-2026-45057

Arbitrary code execution via ungated spec.loader.exec module in agents generator.py v4.6.32 chokepoint refactor bypass Summary The v4.6.32 chokepoint refactor which patched CVE-2026-44334 / GHSA-xcmw-grxf-wjhj added the PRAISONAI ALLOW LOCAL TOOLS env-var gate to the tool override.py sinks...

PT-2026-44742

Name of the Vulnerable Software and Affected Versions ASUS System Control Interface affected versions not specified Description An incorrect permission assignment for critical resources in the ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary...

ROS-20260529-73-0006

The vulnerability of the pngsettRNS and pngsetPLTE functions in the LIBPNG library is related to improper memory management during data deallocation. Exploiting this vulnerability may allow a remote attacker to gain access to the freed memory area, which could lead to the execution of arbitrary...

PT-2026-45021

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.4 Description A sandbox escape exists that allows attackers to execute arbitrary code on the host system. This is achieved by combining Buffer.call.call. lookupGetter , Buffer, " proto ", Buffer.call.call. lookupSett...

Ubuntu 16.04 LTS : Ayttm vulnerabilities (USN-8314-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8314-1 advisory. It was discovered that Expat, vendored in Ayttm, incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute...

RHEL 10 : flatpak (RHSA-2026:21757)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21757 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...

AlmaLinux 9 : flatpak (ALSA-2026:21755)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21755 advisory. flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on hos...

RockyLinux 8 : flatpak (RLSA-2026:21756)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21756 advisory. flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on ho...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : libcaca vulnerability (USN-8318-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8318-1 advisory. It was discovered that libcaca incorrectly handled certain malformed files. An attacker could use this issue to cause libcaca to...

AlmaLinux 8 : flatpak (ALSA-2026:21756)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21756 advisory. flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on hos...

CVE-2026-9987

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 148.0.7778.216 allowed a local attacker to execute arbitrary code via a malicious file. Chromium security severity: High...

USN-8347-1: QT WebEngine vulnerability

It was discovered that the vendored LibTIFF in QT WebEngine incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code...