Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

vim: Vim: Arbitrary code execution via 'helpfile' option processing

A flaw was found in Vim, an open source, command line text editor. This heap buffer overflow vulnerability exists in the tag file resolution logic when processing the 'helpfile' option. A local user could exploit this by providing a specially crafted 'helpfile' option value, leading to a heap...

CVE-2026-35002

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the fieldtype parameter passed to eval. Attackers can influence the fieldtype value in a FunctionCall to achieve...

CVE-2026-35002

The vulnerability CVE-2026-35002 affects Agno versions prior to 2.3.24 in the model execution component. An attacker can trigger remote code execution by manipulating the field_type parameter passed to eval() within a FunctionCall, allowing arbitrary Python code execution. This results in high im...

CVE-2026-35002 Agno < 2.3.24 field_type Eval Injection Arbitrary Code Execution

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the fieldtype parameter passed to eval. Attackers can influence the fieldtype value in a FunctionCall to achieve...

CVE-2026-35002

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the fieldtype parameter passed to eval. Attackers can influence the fieldtype value in a FunctionCall to achieve...

Arbitrary Code Injection

org.springframework.ai:spring-ai-vector-store is vulnerable to Arbitrary Code Injection. The vulnerability is due to unsafe use of user-supplied input as a filter expression key in SimpleVectorStore, which allows an attacker to inject malicious expressions and execute arbitrary code...

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

EUVD-2026-18140

Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection...

Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing

...

CVE-2026-3777

The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers...

CVE-2026-3779

The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution...

EUVD-2026-18098

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom. Opening a crafted V7 file may lead to arbitrary code execution on the affected product...

KLA90965 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Dawn can be exploited to cause denial of service or execu...

Apple macOS 安全漏洞

Apple macOS Sequoia is an operating system from the American company Apple Apple. Apple macOS Sequoia suffers from a code execution vulnerability that is caused due to an error in the model I/O component when opening a specially crafted file. An attacker can exploit the vulnerability to execute...

Mbed TLS 安全漏洞

Mbed TLS is an open-source, portable, easy-to-use, readable, and flexible SSL library developed by Mbed TLS. Mbed TLS versions 3.6.5 and earlier, as well as version 4.0.0, have security vulnerabilities. These vulnerabilities stem from insufficient protection for serialized SSL contexts or session...

Etcher 安全漏洞

Etcher is an operating system image burning tool developed by balena. Versions of Etcher prior to 2.1.4 contained security vulnerabilities. These vulnerabilities were caused by race conditions, allowing attackers to replace legitimate scripts with malicious payloads during the burning process,...

Apple macOS 安全漏洞

Apple macOS Sequoia is an operating system from the American company Apple Apple. A code execution vulnerability exists in Apple macOS Sequoia, which is caused due to an error in the model I/O component when opening a specially crafted file, and can be exploited by an attacker to execute arbitrar...

CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

OneUptime 访问控制错误漏洞

OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.42 contained a access control vulnerability, which stems from the lack of authentication at the workflow execution endpoint. This...