EUVD-2026-12039

There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...

CVE-2026-32719

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The ImportedPlugin.importCommunityItemFromUrl function in server/utils/agents/imported.js downloads a ZIP file from a community hub URL and extracts i...

EUVD-2026-12177

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The ImportedPlugin.importCommunityItemFromUrl function in server/utils/agents/imported.js downloads a ZIP file from a community hub URL and extracts i...

Unsafe Dependency Resolution

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic plugin discovery in .openclaw/extensions/. An attacker can execute arbitrary code by including a malicious plugin in a cloned repository,...

GHSA-99QW-6MR3-36QR OpenClaw: Workspace plugin auto-discovery allowed code execution from cloned repositories

Summary OpenClaw automatically discovered and loaded plugins from .openclaw/extensions/ inside the current workspace without an explicit trust or install step. A malicious repository could include a crafted workspace plugin that executed as soon as a user ran OpenClaw from that cloned directory...

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the RealMedia Demuxer in gst-plugins-ugly. An attacker can achieve arbitrary code execution by enticing a user to open a specially crafted RealMedia file, resulting in an out-of-bounds write during the processing ...

CVE-2026-3562

The CVE-2026-3562 entry concerns Philips Hue Bridge hk_hap with an Ed25519 signature verification bug in ed25519_sign_open. The issue allows network-adjacent attackers to bypass authentication and execute arbitrary code on affected installations without authentication. Root cause is improper veri...

CVE-2026-3562

Philips Hue Bridge hkhap Ed25519 Signature Verification Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific...

CVE-2026-0957

There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...

EUVD-2026-11718

Locutus vulnerable to RCE via unsanitized input in createfunction...

CVE-2026-0956 Out-Of-Bounds Read in Digilent DASYLab

There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...

CVE-2026-0955

There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...

CVE-2026-0957 Out-Of-Bounds Write in Digilent DASYLab

There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...

CVE-2026-0954

CVE-2026-0954 describes a memory corruption vulnerability in Digilent DASYLab: an out-of-bounds write when loading a corrupted .DSB file. The issue can lead to information disclosure or arbitrary code execution and requires a user to open a specially crafted DSB file. The advisory states it affec...

vim security update

An update is available for vim. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Vim Vi IMproved is an updated and improved version of the vi editor. Security...

RLSA-2026:4442 Moderate: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via 'helpfile' option processing CVE-2026-25749 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

AlmaLinux 8 : vim (ALSA-2026:4442)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:4442 advisory. vim: Vim: Arbitrary code execution via 'helpfile' option processing CVE-2026-25749 Tenable has extracted the preceding description block directly from the AlmaLinu...

PT-2026-25319

Name of the Vulnerable Software and Affected Versions Digilent DASYLab affected versions not specified Description A memory corruption issue exists due to an out-of-bounds read when loading a corrupted file. Successful exploitation requires an attacker to trick a user into opening a specially...

RHEL 9 : postgresql:16 (RHSA-2026:4547)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4547 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL oidvector discloses a fe...

RHEL 9 : postgresql (RHSA-2026:4524)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4524 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL missing validation of...