CVE-2026-31262

Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform SB2 v.2.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the URL parameter...

PraisonAI 安全漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained security vulnerabilities. These vulnerabilities stemmed from the Python sandbox based on AST, which could be exploited through type.getattribute, potentially...

CVE-2026-5858

A flaw was found in WebML in Google Chrome. A remote attacker could exploit a heap buffer overflow vulnerability by enticing a user to visit a specially crafted HTML page. Successful exploitation of this memory corruption flaw could allow the attacker to execute arbitrary code on the affected...

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the client monitoring message handler due to insufficient validation of the queue name supplied by the client. An attacker can execute arbitrary code on the server by sending a crafted...

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the client monitoring message handler due to insufficient validation of the queue name supplied by the client. An attacker can execute arbitrary code on the server by sending a crafted...

CVE-2026-34987 Wasmtime with Winch compiler backend on aarch64 may allow a sandbox-escaping memory access

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch baseline non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch...

CVE-2026-30479

A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable...

CVE-2026-30479

A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable...

CVE-2025-70810

Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the login function and the authentication mechanism...

freerdp: FreeRDP: Arbitrary code execution via heap out-of-bounds write in RLE planar decode path

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap out-of-bounds write vulnerability in the planardecompressplanerle function. This vulnerability allows the server to write past the end of a temporary buffer, potentiall...

freerdp: FreeRDP: Arbitrary code execution via heap buffer overflow in GDI surface pipeline

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap buffer overflow vulnerability by sending a specially crafted graphics command to a FreeRDP client. This allows the server to write data outside of its intended memory...

RLSA-2026:5913 Moderate: ncurses security update

The ncurses new curses library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool captoinfo...

gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

An update is available for gstreamer1-plugins-bad-free, gstreamer1-plugins-good, gstreamer1-plugins-ugly-free, gstreamer1-plugins-base. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RLSA-2026:6750 Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer:...

gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update

An update is available for gstreamer1-plugins-bad-free, gstreamer1-plugins-good, gstreamer1-plugins-base. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GStream...

RLSA-2026:6918 Important: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: FreeRDP heap-use-after-free CVE-2026-22856 freerdp: FreeRDP...

freerdp security update

An update is available for freerdp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released...

RLSA-2026:6915 Important: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin CVE-2026-28417 vim: Vim: Denial of service and information disclosure via crafted swap file CVE-2026-28421 vim: Vim: Arbitrary code...

EUVD-2026-20773

MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking across six attack surfaces, including bare-name LoadLibraryU and dlopen calls without path qualification for vmmpyc, libMSCompression, and plugin DLLs. An attacker who places a...

OSGeo MapServer 安全漏洞

OSGeo MapServer is an open-source geospatial data publishing and map rendering service developed by OSGeo. Prior to OSGeo MapServer 8.0, there were security vulnerabilities; these vulnerabilities stemmed from dynamic link library injections, which could allow attackers to execute arbitrary code...