362483 matches found
CVE-2026-57453 Vim: PowerShell Command Injection via Unescaped Filename in zip.vim Extraction
Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry names that are quot...
CVE-2026-57453
Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry names that are quot...
EUVD-2026-39442
The K2 frontend article-attachment upload path accepts files whose extension is .php, and Apache's standard modphp matches .php$ and executes them under the K2 web user. A K2 Author can upload a shell.php, then fetch /media/k2/attachments/shell.php and execute arbitrary PHP code in the web...
CVE-2026-48946
The K2 frontend article-attachment upload path accepts files whose extension is .php, and Apache's standard modphp matches .php$ and executes them under the K2 web user. A K2 Author can upload a shell.php, then fetch /media/k2/attachments/shell.php and execute arbitrary PHP code in the web...
CVE-2026-48944
The K2 frontend article-save handler accepts an attachmentNexisting POST field that is concatenated with JPATHSITE/ and passed to JFile::copy. JPath::clean does NOT strip .., and there is no allow-list of source paths. An Author can therefore copy configuration.php or any other file readable by t...
CVE-2026-57456
Vim (prior to 9.2.0699) is vulnerable in its Python omni-completion: during reconstruction of function/class definitions, docstrings are inlined between triple quotes without escaping, allowing a hostile buffer to break out of the literal and execute attacker-controlled Python during omni-complet...
postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write
A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...
postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory
A flaw was found in PostgreSQL libpq. A server superuser can exploit a buffer overflow vulnerability in the PQfn function, which is used by client functions such as loexport, loread, lolseek64, and lotell64. This allows the superuser to send an arbitrarily large response, overwriting the client's...
EUVD-2026-39432
3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code...
CVE-2026-55477 Authenticated Arbitrary File Write via Database Import and Xray Log Path Manipulation
3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code...
CVE-2026-55477
3X-UI before version 3.3.1 is affected. An authenticated administrator can abuse the database import functionality to write arbitrary files on the host by altering Xray configuration values stored in the database, enabling code execution and persistent access as the Xray process user (including r...
Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability
An analysis of a popular Google Chrome ad block extension for YouTube has uncovered the ability to execute arbitrary JavaScript code. According to Island, the extension, named Adblock for YouTube, has more than 10 million installs and carries a Featured badge on the Chrome Web Store. The extensio...
USN-8472-1: containerd vulnerabilities
It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. CVE-2026-33814 Jakub Ciolek and Kyle Elliott discovered that containerd incorrectly handle...
USN-8471-1: containerd vulnerabilities
It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu...
CVE-2026-56054
CVE-2026-56054 affects the WordPress JS Help Desk plugin (versions <= 3.1.1). The vulnerability allows Arbitrary File Deletion within the plugin, with impact described as high (availability impact) and CVSS 3.1 base score 7.7. The advisory does not provide root cause specifics or remediation s...
EUVD-2026-39383
Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...
CVE-2026-56054 WordPress JS Help Desk plugin <= 3.1.1 - Arbitrary File Deletion vulnerability
Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...
postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory
A flaw was found in PostgreSQL libpq. A server superuser can exploit a buffer overflow vulnerability in the PQfn function, which is used by client functions such as loexport, loread, lolseek64, and lotell64. This allows the superuser to send an arbitrarily large response, overwriting the client's...
Important: Red Hat Security Advisory: perl-IO-Compress security update
An update for perl-IO-Compress is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Moderate: Red Hat Security Advisory: libpng security update
An update for libpng is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...