USN-8221-1: wheel vulnerability

It was discovered that wheel did not correctly handle certain file paths. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to execute arbitrary code...

USN-8221-1 wheel vulnerability

It was discovered that wheel did not correctly handle certain file paths. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to execute arbitrary code...

PT-2026-35976

AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline path parameter to the POST /api/runs and POST /api/runs/validate endpoints. Attackers can induce requests to the local AgentFlow API to...

FreeBSD : Mozilla -- Memory safety bugs (6881ae01-430a-11f1-a627-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6881ae01-430a-11f1-a627-b42e991fc52e advisory. https://bugzilla.mozilla.org/buglist.cgi?bugid=1536243%2C1745382%2C1851073%2C1893400%2C1963301%2C200131...

RHEL 9 : pcs (RHSA-2026:11469)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:11469 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: lodash: lodash: Arbitrary cod...

CVE-2026-38992

Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...

PT-2026-35982

Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling SEH mechanisms. Attackers can inject malicious payload through the optional proxy hostname field in the PrimeNet connection settings to trigger...

Cockpit 安全漏洞

Cockpit is an interactive server management interface developed by Cockpit OpenSource. Versions of Cockpit 2.13.5 and earlier contained security vulnerabilities, which were caused by issues with the filter parameter in multiple endpoints. These vulnerabilities could lead to arbitrary code executi...

RHEL 9 : LibRaw (RHSA-2026:11360)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:11360 advisory. LibRaw is a library for reading RAW files obtained from digital photo cameras CRW/CR2, NEF, RAF, DNG, and others. Security Fixes: LibRaw:...

FreeBSD : firefox -- Memory safety bugs (560f4838-4394-11f1-a190-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 560f4838-4394-11f1-a190-b42e991fc52e advisory. https://bugzilla.mozilla.org/buglist.cgi?bugid=2029419%2C2029717%2C2029769%2C2029886 reports: Memory...

Projectworlds Free Download Online Shopping System 安全漏洞

Projectworlds Free Download Online Shopping System is an online shopping system developed by the Indian company Projectworlds. Version 2.0 Built 417 of the Projectworlds Free Download Online Shopping System has a security vulnerability. This vulnerability stems from a local buffer overflow in the...

Alloksoft Video joiner 安全漏洞

Alloksoft Video Joiner is a tool developed by Alloksoft Corporation that allows for the merging of multiple video files into a single video. Version 4.6.1217 of Alloksoft Video Joiner contains a security vulnerability. This vulnerability stems from a buffer overflow issue, which may allow local...

Alloksoft WMV to AVI MPEG DVD WMV Converter 安全漏洞

Alloksoft WMV to AVI MPEG DVD WMV Converter is a video format conversion tool developed by Alloksoft Corporation. Version 4.6.1217 of Alloksoft WMV to AVI MPEG DVD WMV Converter contains a security vulnerability. This vulnerability stems from a buffer overflow issue, which may allow local attacke...

PT-2026-35912

Name of the Vulnerable Software and Affected Versions Ollama for Windows versions 0.12.10 through 0.17.5 Description The update mechanism in Ollama for Windows allows Remote Code Execution due to improper handling of attacker-controlled HTTP response headers. The application constructs local file...

Easy MPEG to DVD Burner 安全漏洞

Easy MPEG to DVD Burner is a multi-format video processing software developed by Easy MPEG, capable of burning MPEG videos onto DVDs. Version 1.7.11 of Easy MPEG to DVD Burner contains a security vulnerability. This vulnerability stems from improper handling of structured exceptions, which can le...

PT-2026-35934

Cockpit 2.13.5 and earlier is affected by a misconfiguration within the Bucket component isFileTypeAllowed function where a specially crafted filename bypasses an extension filter. This allows an authenticated attacker to rename arbitrary files with the .php file extension enabling arbitrary code...

AMI BIOS SMM Security Update

A potential security vulnerability has been identified in certain HP PC products using AMI BIOS, which might allow arbitrary code execution. HP has released mitigation for the potential vulnerability. HP has identified affected platforms and corresponding SoftPaqs with minimum versions that...

RockyLinux 8 : python3.11 (RLSA-2026:11062)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:11062 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...

ROS-20260429-73-0019

A vulnerability in the PostgreSQL database management system is related to incorrect array indexing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the context of the current user using specially crafted queries...

AgentFlow 代码注入漏洞

AgentFlow is an open-source multi-agent orchestration and dependency graph execution tool developed by Bera Buddies. AgentFlow has a code injection vulnerability, which stems from allowing attackers to execute local Python scripts by providing user-controlled pipelinepath parameters through POST...