Adobe Substance3D Stager Resource Management Error Vulnerability (CNVD-2026-16826)

Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Audobee Adobe. A security vulnerability exists in Adobe Substance3D Stager. The vulnerability stems from a mix-up in the instructions responsible for freeing memory, which can be exploited by attacker...

PT-2026-31677

Name of the Vulnerable Software and Affected Versions Hashgraph Guardian versions through 3.5.0 Description Hashgraph Guardian through version 3.5.0 has an unsandboxed JavaScript execution issue in the Custom Logic policy block worker. Authenticated Standard Registry users can execute arbitrary...

RHEL 7 : freerdp (RHSA-2026:7292)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7292 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to R...

CVE-2026-30479

OSGeo MapServer is affected up to version 7.x (before v8.0) by a Dynamic-link Library (DLL) injection vulnerability that allows an attacker to execute arbitrary code via a crafted executable. The description indicates the root cause is DLL injection, leading to arbitrary code execution. Public re...

CVE-2025-70811

Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the Admin Control Panel icon management functionality...

phpBB 安全漏洞

phpBB is a set of web forum software developed by Ariefibis. Version phpBB 3.3.15 has a security vulnerability, which stems from cross-site request forgery in the login function and authentication mechanism. This vulnerability could allow for the execution of arbitrary code...

Fleet OS Command Injection Vulnerability

Fleet is Fleet Device Management open source a device management platform that supports a wide range of operating systems and devices to help IT and security teams with device management, vulnerability reporting, MDM and more. An operating system command injection vulnerability exists in Fleet...

Tenda AC6 goform/QuickIndex file buffer overflow vulnerability

The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.05.16. The vulnerability stems from the parameter PPPOEPassword in the file /goform/QuickIndex that fails to properly validate the length and size of the input data...

CVE-2025-70810

Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the login function and the authentication mechanism...

RockyLinux 8 : freerdp (RLSA-2026:6918)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:6918 advisory. freerdp: FreeRDP heap-use-after-free CVE-2026-22856 freerdp: FreeRDP heap-buffer-overflow CVE-2026-22854 freerdp: FreeRDP heap-buffer-overflow...

RockyLinux 8 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good (RLSA-2026:6750)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:6750 advisory. GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer: GStreamer: Remote Code Execution via heap-based buffer...

CVE-2026-30479

A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable...

PT-2026-31645

A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable...

RockyLinux 10 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free (RLSA-2026:6259)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:6259 advisory. GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer: GStreamer: Remote Code Execution via heap-based buffer...

CVE-2025-70810

Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the login function and the authentication mechanism...

EUVD-2025-209383

Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the login function and the authentication mechanism...

CVE-2025-70810

CVE-2025-70810: Cross Site Request Forgery in Phpbb phbb3 v3.3.15 allows a local attacker to execute arbitrary code via the login function and authentication mechanism. Documented by Red Hat, NVD and CVE lists; CVSS v3.1 base score 8.8 (HIGH) with network attack vector, low attack complexity, no ...

RockyLinux 10 : capstone (RLSA-2026:6817)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:6817 advisory. capstone: Capstone: Memory corruption via unchecked vsnprintf return CVE-2025-68114 capstone: Capstone: Heap buffer overflow via skipdata callback allow...

Security update for libpng16 (important)

openSUSE security update: security update for libpng16 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20466-1 Rating: important References: bsc1260754 bsc1260755 Cross-References: CVE-2026-33416 CVE-2026-33636 CVSS scores: CVE-2026-33416 SUSE : 8.1...

CVE-2026-30479

A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable...