USN-8314-1 ayttm vulnerabilities

It was discovered that Expat, vendored in Ayttm, incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the scanForGeometryContainers function. An attacker can achieve arbitrary code execution by supplying a crafted NetCDF file containing an oversized geometry attribute, which is read into a fixed-size stac...

CVE-2026-48962

CVE-2026-48962 affects IO::Compress for Perl versions before 2.220. The issue arises in _parseOutputGlob() which wraps the caller-supplied output glob in quotes, with _getFiles() evaluating the expression via Perl’s eval STRING. An attacker-supplied output glob containing a literal double quote c...

CVE-2026-48962

IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. parseOutputGlob wraps the caller-supplied output glob string in double quotes and stores it in the parser state; getFiles then runs the stored expression through eval...

CVE-2026-49014

In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...

PT-2026-44047

Command injection in Raynet rvia 12.6.4392.49-amd64.deb allows adversaries to execute commands via getconfig, and upload through the URL argument, and oracle through the -o flag The Supplier's perspective is that this is caused by Argument Injection in the find command query in rvia 12.6.4392.49...

CVE-2025-69600

Command injection in Raynet rvia 12.6.4392.49-amd64.deb allows adversaries to execute commands via getconfig, and upload through the URL argument, and oracle through the -o flag The Supplier's perspective is that this is caused by Argument Injection in the find command query in rvia 12.6.4392.49...

RHEL 9 : libpng (RHSA-2026:20550)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20550 advisory. The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics PNG image format files. Security Fixes:...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : SimpleEval vulnerability (USN-8301-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8301-1 advisory. Byambadalai Sumiya discovered that SimpleEval did not properly restrict attribute access and...

PT-2026-43540

Name of the Vulnerable Software and Affected Versions Query Shortcode versions prior to 0.2.2 Description The Query Shortcode plugin for WordPress contains a Local File Inclusion issue within the shortcode function. Authenticated attackers with contributor-level access or higher can exploit this ...

RHEL 9 : ruby (RHSA-2026:20670)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20670 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...

GDAL 安全漏洞

GDAL is an open-source geospatial data abstraction library developed by the GDAL community. Versions 3.1.0 to 3.13.0 of GDAL contain security vulnerabilities. These vulnerabilities stem from the scanForGeometryContainers function in the netCDF driver, which reads geometric properties into a...

PT-2026-44578

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A type confusion issue exists in V8, the JavaScript and WebAssembly engine. This allows an attacker to execute arbitrary code within a sandbox if a user is convinced to install a...

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. In versions prior to 148.0.7778.216 for Android, there was a vulnerability related to input validation. This vulnerability stemmed from insufficient validation of untrusted inputs by the WebAppInstalls component, which could allow local...

CVE-2025-69600

CVE-2025-69600 affects RayVentory Raynet RVIA 12.6.4392.49-amd64.deb. Root cause is Argument Injection in an improperly terminated find command used to locate Java, enabling local attackers to execute arbitrary code via commands injected through getconfig, upload, or oracle options (and inventory...

IO-Compress 安全漏洞

IO-Compress is a Perl library developed by Paul Marquess, which supports various compression formats. Versions of IO-Compress prior to 2.220 contained security vulnerabilities. These vulnerabilities stemmed from File::GlobMapper, where arbitrary code could be executed through an output glob...

AlmaLinux 8 : compat-libtiff3 (ALSA-2026:20585)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:20585 advisory. libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 Tenable has extracted the...

RHEL 9 : libpng (RHSA-2026:20549)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20549 advisory. The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics PNG image format files. Security Fixes:...

Debian dsa-6298 : imagemagick - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6298 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6298-1 [email protected] https://www.debian.org/securit...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Rclone vulnerabilities (USN-8299-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8299-1 advisory. It was discovered that Rclone incorrectly handled authorization in the remote control API. An attacker could...