PT-2026-26625

The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack...

AlmaLinux 9 : capstone (ALSA-2026:4898)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:4898 advisory. capstone: Capstone: Memory corruption via unchecked vsnprintf return CVE-2025-68114 capstone: Capstone: Heap buffer overflow via skipdata callback allows...

capstone: Capstone: Heap buffer overflow via skipdata callback allows denial of service or arbitrary code execution.

A flaw was found in Capstone, a disassembly framework. A local attacker could exploit a heap buffer overflow vulnerability by providing a specially crafted skipdata callback. This flaw occurs because the skipdata length is not properly bounds-checked, which may allow an attacker to write beyond...

EUVD-2026-13271

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --compress-program flag to execute arbitrary external programs without operator approval in allowlist...

capstone: Capstone: Heap buffer overflow via skipdata callback allows denial of service or arbitrary code execution.

A flaw was found in Capstone, a disassembly framework. A local attacker could exploit a heap buffer overflow vulnerability by providing a specially crafted skipdata callback. This flaw occurs because the skipdata length is not properly bounds-checked, which may allow an attacker to write beyond...

capstone: Capstone: Heap buffer overflow via skipdata callback allows denial of service or arbitrary code execution.

A flaw was found in Capstone, a disassembly framework. A local attacker could exploit a heap buffer overflow vulnerability by providing a specially crafted skipdata callback. This flaw occurs because the skipdata length is not properly bounds-checked, which may allow an attacker to write beyond...

USN-8105-2: FreeRDP regression

USN-8105-1 fixed vulnerabilities in FreeRDP. The update introduced a regression which could cause FreeRDP to crash. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that FreeRDP incorrectly handled certain RDP packets. A remote attack...

CVE-2025-71260

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE paramete...

PT-2026-26428

Name of the Vulnerable Software and Affected Versions ingress-nginx versions prior to v1.13.9, v1.14.5, and v1.15.1 Description A security issue exists in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code...

RHEL 9 : capstone (RHSA-2026:5125)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5125 advisory. Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security...

KLA90947 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions. Original advisories CVE-2026-32194 CVE-2026-32191 Exploitation Public exploits exist for this vulnerability. Related products...

ROS-20260319-73-0034

Vulnerability in beats related to writing outside buffer boundaries in memory. Exploitation of the vulnerability may allow an attacker to execute arbitrary code...

ROS-20260319-73-0001

A vulnerability in the Gimp image processing library is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Vim vulnerabilities (USN-8101-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8101-1 advisory. Rahul Hoysala discovered that Vim did not correctly handle certain tag resolutions. A...

ROS-20260319-73-0013

Vulnerability in glpi due to failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVE-2026-31898

A flaw was found in jsPDF, a JavaScript library used for generating PDF documents. This vulnerability allows a remote attacker to inject arbitrary PDF objects, including JavaScript actions, into a generated PDF. This can occur if unsanitized user input is provided to the createAnnotation method's...

CVE-2026-31968

A flaw was found in HTSlib, a library for reading and writing bioinformatics file formats. Specifically, within the CRAM Compressed Reference-oriented Alignment Map format, incomplete validation of context in the VARINT and CONST encodings could lead to a heap or stack buffer overflow. A remote...

CVE-2026-31969

A flaw was found in HTSlib, a library used for bioinformatics file formats. A remote attacker could exploit an out-by-one error when processing a specially crafted CRAM Compressed Reference-oriented Alignment Map file. This vulnerability can lead to a heap buffer overflow, potentially allowing fo...

CVE-2026-31971

A flaw was found in HTSlib, a library used for bioinformatics file formats. When reading CRAM Compressed Reference-oriented Alignment Map files, the crambytearraylendecode function did not properly validate the size of incoming data against the allocated buffer. This memory corruption vulnerabili...

CVE-2026-31962

A flaw was found in htslib, a library for reading and writing bioinformatics file formats. A local user could exploit a heap buffer overflow vulnerability by opening a specially crafted CRAM file. This flaw occurs due to incorrect handling of certain CRAM format records, leading to reading and...