113951 matches found
CVE-2026-22619
Eaton Intelligent Power Protector IPP is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on th...
Delta Electronics ASDA-Soft
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact...
CVE-2026-22619
Eaton IPP is affected by insecure library loading in its executable, enabling arbitrary code execution by an attacker with access to the software package. The issue has been fixed in the latest Eaton IPP version available via the Eaton download center. Practitioner takeaway: verify that IPP insta...
CVE-2026-22619
Eaton Intelligent Power Protector IPP is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on th...
EUVD-2026-23166
MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code...
EUVD-2026-23145
Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...
CVE-2026-6350
MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code...
CVE-2026-40504
Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...
CVE-2026-6363
A type confusion flaw was found in the V8 component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=495751197...
CVE-2026-6348
WinMatrix agent by Simopro Technology is affected by a Missing Authentication vulnerability. The CVE-2026-6348 issue allows authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine and on all hosts in the environment where the agent is installed. Credent...
CVE-2026-40504
Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...
CVE-2026-40504
CVE-2026-40504 affects Creolabs Gravity prior to 0.9.6. A heap buffer overflow in gravity_vm_exec can be triggered by scripts containing many string literals at global scope, with insufficient bounds checking in gravity_fiber_reassign() that can corrupt heap metadata and lead to arbitrary code ex...
PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code
Summary The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. The blocklist implemented in PluginSecurity.validateplugincode is incomplete and can be bypassed using several Python constructs that are not checked. An...
Arbitrary Code Injection
Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Arbitrary Code Injection via the PhpHelper::parseArrayToString process. An attacker can execute arbitrary PHP code as the web server user by injecting specially crafted input into...
PT-2026-33382
Impact Up to 1.0.0 of home-assitant-cli or hass-cli for short an unrestricted environment was used to handle Jninja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no restrictions. This gave users access to Python's internals and...
RHEL 8 : libarchive (RHSA-2026:8521)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8521 advisory. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660...
Important: freerdp security update
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution v...
Google Chrome PDFium Component Heap Buffer Overflow Vulnerability
Google Chrome is a web browser from Google, an American company. A heap buffer overflow vulnerability exists in the PDFium component of Google Chrome, which can be exploited by an attacker to execute arbitrary code in the sandbox via specially crafted PDF files...
Google Chrome Codecs Component Memory Misreference Vulnerability (CNVD-2026-17817)
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in the Google Chrome Codecs component, which can be exploited by an attacker to execute arbitrary code in a sandbox via specially crafted HTML pages...
Gravity 安全漏洞
Gravity is a powerful, dynamically typed, lightweight, and embeddable programming language developed by Marco Bambini individually. It is used for procedural programming, object-oriented programming, functional programming, and data-driven programming. Versions of Gravity prior to 0.9.6 contained...