postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write

A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...

XStream <1.4.16 - Remote Code Execution

XStream before 1.4.16 is susceptible to remote code execution. An attacker can load and execute arbitrary code from a remote host via manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative...

RHEL 8 : freerdp (RHSA-2026:6665)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6665 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to R...

CVE-2026-27825 MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment

MCP Atlassian is a Model Context Protocol MCP server for Atlassian products Confluence and Jira. Prior to version 0.17.0, the confluencedownloadattachment MCP tool accepts a downloadpath parameter that is written to without any directory boundary enforcement. An attacker who can call this tool an...

CVE-2025-59042 PyInstaller has local privilege escalation vulnerability

PyInstaller bundles a Python application and all its dependencies into a single package. Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryptio...

USN-7694-1 libxml2 vulnerabilities

Ahmed Lekssays discovered that libxml2 did not properly perform certain mathematical operations, leading to an integer overflow. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-6021 Ahmed Lekssays discovere...

The vulnerability of the m2tsdmx_update_sdt() function (filters/dmx_m2ts.c) in the MP4Box utility of the GPAC multimedia platform allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the m2tsdmxupdatesdt function filters/dmxm2ts.c in the MP4Box utility of the GPAC multimedia platform is related to the pointer manipulation. Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause service failures...

CVE-2025-24447

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user resulting in a High impact to Confidentiality and Integrity. Exploitation of this issue does...

The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, and Adobe Acrobat 2020/Adobe Acrobat Reader 2020 involve memory management issues after memory is freed, allowing attackers to execute arbitrary code.

The vulnerability of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020 is related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to execut...

The vulnerability of the evdev_log_msg function in the libinput library, implemented in X.Org and Wayland display server protocols, allows a attacker to execute arbitrary code with elevated privileges.

The vulnerability of the evdevlogmsg function in the libinput library, within the implementations of X.Org and Wayland display server protocols, is related to the use of uncontrolled format strings. Exploiting this vulnerability allows a attacker to execute arbitrary code with elevated privileges...

APSB21-54 Security update available for Adobe After Effects

Adobe has released an update for Adobe After Effects for Windows and macOS. This update addresses multiple critical and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user...

Double free

Adobe Animate version 20.5 and earlier is affected by a double free vulnerability when parsing a crafted .fla file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit...

Ubuntu: Security Advisory (USN-4360-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the SMB2_negotiate function (fs/cifs/smb2pdu.c) in the Linux operating system allows a hacker to execute arbitrary code.

The vulnerability of the SMB2negotiate function fs/cifs/smb2pdu.c in the Linux operating system is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

Qemu 'load_multiboot' function arbitrary code execution vulnerability

QEMU aka Quick Emulator is a set of simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A security vulnerability exists in the 'loadmultiboot' function of the hw/i386/multiboot.c file in QEMU. A local attacker can exploit this...

gstreamer-plugins-good: Heap buffer overflow in FLIC decoder

Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application...

GLSA-201603-08 : VLC: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201603-08 VLC: Multiple vulnerabilities Multiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details. Impact : Remote attackers could possibly execute arbitrary code or cause...

Oracle VirtualBox Multiple Memory Corruption Vulnerabilities - Windows

Oracle VirtualBox is prone to multiple memory corruption vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Ubuntu: Security Advisory (USN-1925-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2012-4700

Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document...