Important: ruby:3.3 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 For more details about the security issues, including...

RHEL 8 : compat-libtiff3 (RHSA-2026:20583)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:20583 advisory. The libtiff3 package provides libtiff 3, an older version of libtiff library for manipulating TIFF Tagged Image File Format image format files. This...

CVE-2026-48686

FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI Network Layer Reachability Information decoder. The function decodebgpsubnetencodingipv4raw in src/bgpprotocol.cpp reads prefixbitlength directly from the BGP packet line 99 without validating it is ...

ALSA-2026:20614 Important: ruby:3.3 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 For more details about the security issues, including...

RockyLinux 8 : ruby:3.3 (RLSA-2026:20614)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:20614 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the RockyLinux...

CVE-2026-48689

CVE-2026-48689 affects FastNetMon Community Edition up to 1.2.9, due to an off-by-one heap-based buffer overflow in dynamic_binary_buffer.hpp. Five methods (append_dynamic_buffer, append_data_as_pointer, append_data_as_object_ptr, memcpy_from_ptr, memcpy_from_object_ptr) check bounds with offset ...

MAL-2026-4437 Malicious code in @service-suppliers/set_selected_supplier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eba319282947a6dfb83a31cec6127e62594cc16160bd9c74cee3feee349c4b07 The postinstall hook in scripts/postinstall.js performs two independently-blocking actions on every npm install. First, it scrapes installer-side...

CVE-2018-25366

CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Attackers can craft a payload exceeding 520 bytes that overwrites the return address and executes shellcode when a shortc...

USN-8301-1 simpleeval vulnerability

Byambadalai Sumiya discovered that SimpleEval did not properly restrict attribute access and callback handling inside a sandbox. An attacker could possibly use this issue to execute arbitrary code...

CVE-2018-25377 Flash Slideshow Maker Professional 5.20 Buffer Overflow SEH

Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload and paste it into the Name and Code fields of the...

CVE-2018-25377 Flash Slideshow Maker Professional 5.20 Buffer Overflow SEH

Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload and paste it into the Name and Code fields of the...

CVE-2018-25376

CVE-2018-25376 affects Socusoft 3GP Photo Slideshow 8.05. A buffer overflow in the registration dialog can be triggered by crafted input in Registration Name/Registration Key, allowing local attackers to overwrite the SEH chain and execute shellcode (reverse shell) via a local exploit. This impli...

CVE-2018-25356

A flaw was found in SIPp. A local attacker can exploit a buffer overflow vulnerability by providing oversized input to command-line arguments, such as -3pcc, -i, or -logfile. This can lead to arbitrary code execution or cause the application to crash, resulting in a denial of service...

CVE-2026-48831

A flaw was found in Wine. Wine's desktop file registers itself to handle Windows executable EXE files. In some configurations, opening an EXE file can cause it to run automatically with the user's permissions, without further prompts. This allows an attacker to bypass security sandboxes like...

USN-8299-1 rclone vulnerabilities

It was discovered that Rclone incorrectly handled authorization in the remote control API. An attacker could possibly use this issue to obtain sensitive information. CVE-2026-41176 It was discovered that Rclone incorrectly handled backend instantiation via the remote control API. An attacker coul...

CLSA-2026-1779694248 mpg123: Fix of CVE-2024-10573

CVE-2024-10573: Out-of-bounds write during PCM decoding of crafted streams could lead to heap corruption and potential arbitrary code execution; decode the MPEG header into a temporary copy that is only applied to the live handle after the frame body is validated upstream svn-r5442, main fix, and...

EUVD-2026-31642

A vulnerability in MLflow versions =3.10.1.dev0 allows unauthorized access to multipart upload MPU endpoints when the --serve-artifacts mode is enabled. The authorization logic does not enforce resource-level permission checks for /mlflow-artifacts/mpu/ endpoints, enabling attackers to overwrite...

Confluence Server - Remote Code Execution

Confluence Server and Data Center contain an OGNL injection vulnerability that could allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version...

Adobe ColdFusion - Unrestricted File Upload Remote Code Execution

Adobe ColdFusion versions July 12 release 2018.0.0.310739, Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. id: CVE-2018-15961 info: name: Adobe ColdFusion - Unrestricted File Upload...

CVE-2026-9489

NitroSense V3 (affected versions prior to 3.01.3052) contains a Local Privilege Escalation due to a misconfigured Windows Named Pipe that uses a custom protocol to invoke internal functions. The misconfiguration allows any authenticated local user to execute arbitrary code with NT AUTHORITY\SYSTE...