
120392 matches found

Cvelist
added 2026/03/22 1:38 p.m., 24 views

CVE-2019-25607 Axessh 4.2 Local Stack-based Buffer Overflow via Log File Name

Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer and execute...

CVSS 8.6, EPSS 0.0002
Exploits: 0, References: 6
CNNVD
added 2026/03/22 12:0 a.m., 2 views

Lavavo CD Ripper Buffer Error Vulnerability

Lavavo CD Ripper is an audio extraction tool developed by the Lavavo company. Version 4.20 of Lavavo CD Ripper contains a buffer overflow vulnerability, which stems from improper handling of structured exceptions and buffer overflows. This vulnerability could allow local attackers to execute...

CVSS 8.6, AI score 6.5, EPSS 0.00007
Exploits: 0, References: 4
Positive Technologies
added 2026/03/22 12:0 a.m., 3 views

PT-2026-26996

Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations,...

CVSS 8.6, AI score 6.2, EPSS 0.00018
Exploits: 0, References: 5
Tenable Nessus
added 2026/03/22 12:0 a.m., 2 views

Debian dsa-6175 : libyaml-syck-perl - security update

The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6175 advisory. Debian Security Advisory DSA-6175-1 [email protected] https://www.debian.org/security/...

CVSS 9.1, AI score 6, EPSS 0.00023
Exploits: 0, References: 5
Positive Technologies
added 2026/03/22 12:0 a.m., 3 views

PT-2026-26997

JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger...

CVSS 8.6, AI score 6.6, EPSS 0.00007
Exploits: 0, References: 5
Positive Technologies
added 2026/03/22 12:0 a.m., 5 views

PT-2026-26992

DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files. Attackers can create a specially crafted .plf file containing shellcode and NOP sleds that overflows a...

CVSS 8.6, AI score 6.4, EPSS 0.0002
Exploits: 0, References: 4
Snyk
added 2026/03/21 4:37 p.m., 2 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview: metagpt is The Multi-Agent Framework. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the DataInterpreter component. An attacker can execute arbitrary code by injecting malicious inp...

CVSS 6.5, AI score 6.9, EPSS 0.00056
Exploits: 0, References: 2
Snyk
added 2026/03/21 2:45 p.m., 3 views

Arbitrary Code Injection

Overview: metagpt is The Multi-Agent Framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via the codegenerate function in the metagpt/ext/aflow/scripts/operator.py file. An attacker can execute arbitrary code by supplying crafted input to this function...

CVSS 6.5, AI score 7, EPSS 0.00056
Exploits: 0, References: 2
Veracode
added 2026/03/21 5:26 a.m., 2 views

Arbitrary Code Execution

PySpector is vulnerable to Arbitrary Code Execution. The vulnerability is due to incomplete AST validation in the plugin system where indirect calls via getattr are not properly resolved, which allows an attacker to bypass security checks and execute arbitrary system commands through malicious...

CVSS 8.3, AI score 6.1, EPSS 0.00039
Exploits: 1, References: 2, Affected Software: 1
Veracode
added 2026/03/21 5:22 a.m., 5 views

Code Injection

craftcms/cms is vulnerable to Code Injection. The vulnerability is due to passing unvalidated configuration data to Craft::configure without proper sanitization, which allows an attacker to inject malicious behavior or event handlers and execute arbitrary code...

CVSS 8.6, AI score 6.1, EPSS 0.00048
Exploits: 0, References: 2, Affected Software: 1
ATTACKERKB
added 2026/03/21 12:42 a.m., 1 views

CVE-2026-32056

OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment variables HOME and ZDOTDIR in the system.run function, allowing attackers to bypass command allowlist protections. Remote attackers can inject malicious startup files such as .bash_profile or .zshenv to achieve arbitra...

CVSS 7.7, AI score 6.5, EPSS 0.00191
Exploits: 0, References: 4
Tenable Nessus
added 2026/03/21 12:0 a.m., 6 views

MiracleLinux 9 : capstone-4.0.2-11.el9_7 (AXSA:2026-346:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-346:01 advisory. capstone: Capstone: Memory corruption via unchecked vsnprintf return CVE-2025-68114 capstone: Capstone: Heap buffer overflow via skipdata callback...

CVSS 9.8, AI score 7.7, EPSS 0.00038
Exploits: 1, References: 3
Snyk
added 2026/03/20 9:55 p.m., 0 views

PHP Remote File Inclusion

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to PHP Remote File Inclusion via the getapilocale function. An attacker can disclose sensitive information or execute arbitrary PHP code by supplying crafted input to...

CVSS 8.8, AI score 6.4, EPSS 0.00344
Exploits: 1, References: 3
Snyk
added 2026/03/20 9:50 p.m., 3 views

Improper Privilege Management

Overview: pyload-ng is the free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Improper Privilege Management via the setconfigvalue function, which allows users with certain permissions to modify configuration options without adequate...

CVSS 8.8, AI score 6.4, EPSS 0.00113
Exploits: 1, References: 2
Snyk
added 2026/03/20 8:44 p.m., 2 views

Arbitrary Code Injection

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Arbitrary Code Injection via the saveSort.json.php endpoint. An attacker can execute arbitrary PHP code on the server by luring an authenticated admin to visit a...

CVSS 8.8, AI score 6.1, EPSS 0.00245
Exploits: 1, References: 2
Cvelist
added 2026/03/20 8:29 p.m., 18 views

CVE-2026-33156 DLL Sideloading in ScreenToGif

ScreenToGif is a screen recording tool. In versions 2.42.1 and prior, ScreenToGif is vulnerable to DLL sideloading via version.dll. When the portable executable is run from a user-writable directory, it loads version.dll from the application directory instead of the Windows System32...

CVSS 7.8, EPSS 0.00008
Exploits: 1, References: 1
Cvelist
added 2026/03/20 8:10 p.m., 18 views

CVE-2026-33147 GMT: Stack-based Buffer Overflow in gmt_remote_dataset_id

GMT is an open source collection of command-line tools for manipulating geographic and Cartesian data sets. In versions 6.6.0 and prior, a stack-based buffer overflow vulnerability was identified in the gmt_remote_dataset_id function within src/gmtremote.c. This issue occurs when a specially...

CVSS 7.3, EPSS 0.0002
Exploits: 1, References: 2
CVE
added 2026/03/20 7:59 p.m., 5 views

CVE-2026-33139

PySpector has a Plugin Sandbox Bypass vulnerability (GHSA-V3XV-8VC3-H2M6) affecting versions

CVSS 8.3, AI score 5.9, EPSS 0.00039
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2026/03/20 7:59 p.m., 2 views

CVE-2026-33139 PySpector: Plugin Sandbox Bypass leads to Arbitrary Code Execution

PySpector is a static analysis security testing (SAST) framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a security validation bypass in the plugin system. The validateplugincode function in pluginsystem.py performs static AST analysis...

CVSS 8.3, AI score 5.9, EPSS 0.00039
Exploits: 1, References: 1
Cvelist
added 2026/03/20 7:59 p.m., 18 views

CVE-2026-33139 PySpector: Plugin Sandbox Bypass leads to Arbitrary Code Execution

PySpector is a static analysis security testing (SAST) framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a security validation bypass in the plugin system. The validateplugincode function in pluginsystem.py performs static AST analysis...

CVSS 8.3, EPSS 0.00039
Exploits: 1, References: 1