RockyLinux 10 : vim (RLSA-2026:4715)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:4715 advisory. vim: Vim: Arbitrary code execution via 'helpfile' option processing CVE-2026-25749 Tenable has extracted the preceding description block directly from the...

Handlebars.js 安全漏洞

Handlebars.js is an open-source JavaScript templating engine developed by The Handlebars Templating Language project. Versions of Handlebars.js 4.7.8 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper handling of user-controlled strings by the Handlebars...

PT-2026-28598

Name of the Vulnerable Software and Affected Versions ruby-lsp versions prior to 0.10.2 ruby-lsp gem versions prior to 0.26.9 Description The rubyLsp.branch VS Code workspace setting was used in generating a Gemfile without proper sanitization, potentially allowing arbitrary Ruby code execution...

PT-2026-28440

Name of the Vulnerable Software and Affected Versions BUFFALO Wi-Fi router products affected versions not specified Description A code injection issue exists in BUFFALO Wi-Fi router products. Successful exploitation of this issue could allow for the execution of arbitrary code on affected devices...

BUFFALO Wi-Fi router 代码注入漏洞

The BUFFALO Wi-Fi router is a series of routers developed by the Japanese company BUFFALO. The BUFFALO Wi-Fi router has a code injection vulnerability, which means that arbitrary code can be executed due to this flaw...

Tenda AC6 安全漏洞

The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.05.16. The vulnerability stems from the parameter PPPOEPassword in the file /goform/QuickIndex that fails to properly validate the length and size of the input data...

ROS-20260327-73-0008

Vulnerability in python-pillow related to writing beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...

CVE-2026-3529

A flaw was found in Drupal Google Analytics GA4. This vulnerability, identified as Cross-site Scripting XSS, arises from improper neutralization of input during web page generation. A remote attacker could exploit this by injecting malicious scripts into web pages, which would then execute in a...

EUVD-2026-16301

An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the importConfig process. An attacker can execute arbitrary code on the server by importing a crafted configuration file containing malicious paths. Details A Directory Traversal attack also known as path travers...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the importConfig process. An attacker can execute arbitrary code on the server by importing a crafted configuration file containing malicious paths. Details A Directory Traversal attack also known as path travers...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the importConfig process. An attacker can execute arbitrary code on the server by importing a crafted configuration file containing malicious paths. Details A Directory Traversal attack also known as path travers...

Django: Django: SQL injection via crafted column aliases in QuerySet.order_by()

A flaw was found in Django. A remote attacker could exploit a SQL injection vulnerability in the .QuerySet.orderby method. This occurs when column aliases containing periods are used, and the same alias is also present in FilteredRelation via a specially crafted dictionary. Successful exploitatio...

[SECURITY] [DSA 6179-1] thunderbird security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6179-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 26, 2026 https://www.debian.org/security/faq -...

Contrast BadAML injection allows arbitrary code execution

BadAML BadAML is an AML injection attack that exploits the ACPI interface and allows arbitrary code execution in a confidential VM. The attack was first published in 2024: - - Impact An attacker with control over the host which is assumed in the attacker model of Contrast can execute malicious AM...

OpenClaw: Arbitrary code execution via unvalidated WebView JavascriptInterface

Summary Android Canvas WebView pages from untrusted origins could invoke the JavascriptInterface bridge and inject instructions into the app. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

CVE-2026-30457

An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code...

Out-of-bounds Write

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

capstone security update

An update is available for capstone. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Capstone is a disassembly framework with the target of becoming the ultimate...

RLSA-2026:4898 Important: capstone security update

Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community. Security Fixes: capstone: Capstone: Memory corruption via unchecked vsnprintf return CVE-2025-68114 capstone: Capstone: Heap buffer overflow via...