18 matches found
XStream <1.4.16 - Remote Code Execution
XStream before 1.4.16 is susceptible to remote code execution. An attacker can load and execute arbitrary code from a remote host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative...
RHEL 8 : freerdp (RHSA-2026:6665)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6665 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to R...
CVE-2026-27825 MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment
MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, the confluence_download_attachment MCP tool accepts a download_path parameter that is written to without any directory boundary enforcement. An attacker who can call this tool an...
CVE-2025-59042 PyInstaller has local privilege escalation vulnerability
PyInstaller bundles a Python application and all its dependencies into a single package. Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryptio...
USN-7694-1 libxml2 vulnerabilities
Ahmed Lekssays discovered that libxml2 did not properly perform certain mathematical operations, leading to an integer overflow. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-6021 Ahmed Lekssays discovere...
CVE-2025-24447
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user resulting in a High impact to Confidentiality and Integrity. Exploitation of this issue does...
APSB21-54 Security update available for Adobe After Effects
Adobe has released an update for Adobe After Effects for Windows and macOS. This update addresses multiple critical and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user...
Double free
Adobe Animate version 20.5 and earlier is affected by a double free vulnerability when parsing a crafted .fla file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit...
Ubuntu: Security Advisory (USN-4360-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Qemu 'load_multiboot' function arbitrary code execution vulnerability
QEMU (aka Quick Emulator) is a set of simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A security vulnerability exists in the 'load_multiboot' function of the hw/i386/multiboot.c file in QEMU. A local attacker can exploit this...
gstreamer-plugins-good: Heap buffer overflow in FLIC decoder
Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application...
GLSA-201603-08 : VLC: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201603-08 (VLC: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details. Impact: Remote attackers could possibly execute arbitrary code or cause...
Oracle VirtualBox Multiple Memory Corruption Vulnerabilities - Windows
Oracle VirtualBox is prone to multiple memory corruption vulnerabilities. CPE =...
Ubuntu: Security Advisory (USN-1925-1)
The remote host is missing an update for the...
CVE-2012-4700
Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document...
Mozilla Products Multiple Vulnerabilities-02 (Jan 2013) - Windows
Mozilla Firefox/Thunderbird/Seamonkey is prone to multiple vulnerabilities...
Ubuntu Update for ruby1.9 vulnerabilities USN-900-1
Ubuntu Update for Linux kernel vulnerabilities USN-900-1. OpenVAS Vulnerability Test $Id: gbubuntuUSN9001.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for ruby1.9 vulnerabilities USN-900-1. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH,...
2532|Gigs <= 1.2.2 Multiple Vulnerabilities - Active Check
2532-Gigs is prone to multiple vulnerabilities. CPE = "cpe:/a:2532gigs:2532gigs";...