ALSA-2026:4442 Moderate: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via 'helpfile' option processing CVE-2026-25749 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

RHEL 8 : vim (RHSA-2026:4442)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:4442 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via 'helpfile' option...

GL-iNet GL-AR300M16 安全漏洞

GL-iNet GL-AR300M16 is a portable mini router produced by the Chinese company GL-iNet. The GL-iNet GL-AR300M16 v4.3.11 version contains a security vulnerability. This vulnerability stems from a command injection vulnerability in the setconfig function, which may allow for the execution of arbitra...

compat-openssl11 security update

1:1.1.1k-5.2 - Fixes CVE-2025-69419 OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS12 processing Resolves: RHEL-142722...

Adobe Substance 3D Stager < 3.1.8 Multiple Vulnerabilities (APSB26-29)

The version of Adobe Substance 3D Stager installed on the remote host is prior to 3.1.8. It is, therefore, affected by an multiple vulnerabilities as referenced in the APSB26-29 advisory. - Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that...

EUVD-2019-19737

Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. Attackers can craft a username with a payload containing 4059 bytes of padding followed by a nseh...

CVE-2026-2368

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code...

CVE-2026-0940

CVE-2026-0940 concerns an improper initialization vulnerability in the BIOS of some ThinkPads. It could let a local privileged user modify data and execute arbitrary code. Affected software/hardware: ThinkPad BIOS firmware (on affected ThinkPad models). Root cause: improper initialization. Impact...

CVE-2026-2368

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code...

CVE-2026-2368

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code...

CVE-2026-27703

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. In 2026.01 and earlier, the default handler for the wellknowncore resource coapwellknowncoredefaulthandler writes user-provided option data and...

CVE-2026-27703 RIOT has an Out-of-Bounds Write in nanoCoAP Handler

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. In 2026.01 and earlier, the default handler for the wellknowncore resource coapwellknowncoredefaulthandler writes user-provided option data and...

CVE-2026-27703

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. In 2026.01 and earlier, the default handler for the wellknowncore resource coapwellknowncoredefaulthandler writes user-provided option data and...

CVE-2026-27703 RIOT has an Out-of-Bounds Write in nanoCoAP Handler

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. In 2026.01 and earlier, the default handler for the wellknowncore resource coapwellknowncoredefaulthandler writes user-provided option data and...

EUVD-2025-208595

An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrxevo component...

CVE-2019-25467

CVE-2019-25467 affects Verypdf docPrint Pro 8.0. The issue is a structured exception handling (SEH) buffer overflow in processing the User Password or Master Password fields during PDF encryption, enabling local code execution via an oversized alphanumeric-encoded payload with crafted shellcode, ...

CVE-2026-31852

Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests from forked repositories. Due to the workflow's elevated permissions nearly all write permissions, this vulnerability enables...

CVE-2026-31854 Cursor Affected by Arbitrary Code Execution via Prompt Injection and Whitelist Bypass

Cursor is a code editor built for programming with AI. Prior to 2.0 ,if a visited website contains maliciously crafted instructions, the model may attempt to follow them in order to “assist” the user. When combined with a bypass of the command whitelist mechanism, such indirect prompt injections...

CVE-2026-31854 Cursor Affected by Arbitrary Code Execution via Prompt Injection and Whitelist Bypass

Cursor is a code editor built for programming with AI. Prior to 2.0 ,if a visited website contains maliciously crafted instructions, the model may attempt to follow them in order to “assist” the user. When combined with a bypass of the command whitelist mechanism, such indirect prompt injections...

CVE-2026-31852

CVE-2026-31852 affects the Jellyfin project, specifically the GitHub Actions workflow in jellyfin/jellyfin-ios (code-quality.yml). The root cause is an elevated-permissions workflow that accepts pull requests from forked repositories, enabling arbitrary code execution and full takeover of the jel...