openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

A flaw was found in OpenSSL. When processing a specially crafted PKCS12 Personal Information Exchange Syntax Standard file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSLuni2utf8 function, leads to memory corruption by writing data...

Moderate: Red Hat Security Advisory: compat-openssl11 security update

An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Deserialization of Untrusted Data

Overview cpsit/typo3-mailqueue is a TYPO3 CMS extension to improve TYPO3's mail spooler with additional components. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialization process. An attacker can execute arbitrary code by providing malicious...

vim: Vim: Arbitrary code execution via 'helpfile' option processing

A flaw was found in Vim, an open source, command line text editor. This heap buffer overflow vulnerability exists in the tag file resolution logic when processing the 'helpfile' option. A local user could exploit this by providing a specially crafted 'helpfile' option value, leading to a heap...

Moderate: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVE-2026-32640

A flaw was found in the Python library, SimpleEval. A remote attacker could exploit this vulnerability by providing specially crafted input that allows dangerous modules or functions to be accessed outside of the intended sandbox environment. This could lead to arbitrary code execution within the...

Installer for IBM Trusteer Rapport may insecurely load Dynamic Link Libraries

Overview The installer for IBM Trusteer Rapport provided by IBM contains the following vulnerability. Uncontrolled search path element CWE-427 - CVE-2026-2713 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

Canva Affinity 安全漏洞

Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code using a specially crafted EMF file...

MiracleLinux 8 : postgresql:13 (AXSA:2026-327:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-327:01 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...

Adobe Illustrator Heap Buffer Overflow Vulnerability (CNVD-2026-14502)

Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. A heap buffer overflow vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to execute arbitrary code on the system or cause the application to crash...

Adobe Premiere Pro Out-of-Bounds Read Vulnerability (CNVD-2026-14503)

Adobe Premiere Pro is a set of non-linear editing video editing software from the American company Audobee Adobe. Adobe Premiere Pro suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute arbitrary code on the system...

MiracleLinux 9 : postgresql:16 (AXSA:2026-326:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-326:01 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...

ALSA-2026:4715 Moderate: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via 'helpfile' option processing CVE-2026-25749 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

RHEL 9 : compat-openssl11 (RHSA-2026:4825)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:4825 advisory. The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the...

RHEL 10 : vim (RHSA-2026:4715)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:4715 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via 'helpfile' option...

Adobe Illustrator Stack Buffer Overflow Vulnerability (CNVD-2026-14501)

Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. Adobe Illustrator suffers from a stack buffer overflow vulnerability vulnerability that can be exploited by an attacker to execute arbitrary code on the system or cause the application to...

AlmaLinux 9 : compat-openssl11 (ALSA-2026:4472)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:4472 advisory. openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS12 processing CVE-2025-69419 Tenable has extracted the preceding description block...

MiracleLinux 9 : postgresql:15 (AXSA:2026-325:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-325:01 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...

CVE-2025-14287

A flaw was found in MLflow, a platform for managing the machine learning lifecycle. This vulnerability, known as command injection, allows an attacker to execute unauthorized commands on the system. By providing specially crafted input through the --container parameter, an attacker can bypass...

EUVD-2025-208751

A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into...