Atril 命令注入漏洞

Atril is a simple multi-page document viewer developed under the MATE Desktop open source project. Versions of Atril prior to 1.26.3 and 1.28.4 contained a command injection vulnerability. This vulnerability stemmed from the evspawn function in shell/ev-application.c, which did not apply...

CVE-2026-41699: Unsafe Deserialization in Spring GraphQL

Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. More precisely, an application is vulnerable when all the following are true: When all the conditions above are met, an attacker can craft a malicious GraphQL request that can lead ...

PT-2026-48540

Due to the combination of checking out PR head branches attacker-controlled, reading .mcp.json from the working directory via default setting sources, and unconditionally enabling all project MCP servers via enableAllProjectMcpServers, it was possible for an attacker who opened a PR containing a...

PT-2026-48411

Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project, deserializes...

Grammar-Constrained Decoding Can Jailbreak LLMs into Generating Malicious Code

Large Language Models LLMs are increasingly used for code generation, raising concerns that they may be misused to produce malicious code. Meanwhile, Grammar-Constrained Decoding GCD has been widely adopted to improve the reliability of LLM-generated code by enforcing syntactic validity. In this...

PT-2026-48420

Name of the Vulnerable Software and Affected Versions Jenkins versions prior to 2.568 Jenkins LTS versions prior to 2.555.3 Description A deserialization issue exists where attackers can force the system to deserialize arbitrary types defined in the core or plugins via a manipulated config.xml...

PT-2026-48491

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.4 Splunk Enterprise versions prior to 10.0.7 Splunk Enterprise versions prior to 9.4.12 Splunk Enterprise versions prior to 9.3.13 Splunk Cloud Platform versions prior to 10.3.2512.12 Splunk Cloud...

VulnCheck KEV: CVE-2026-10795

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlusRemoteCommunicationsV2::wploaded function. This is due to insufficient validation of the remote communications message format,...

PT-2026-48486

Name of the Vulnerable Software and Affected Versions Palo Alto Networks PAN-OS affected versions not specified Description A memory corruption issue occurs during the processing of tunnel traffic. An authenticated user can trigger system reboots by sending a maliciously crafted packet. If these...

PT-2026-48454

A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code with elevated privileges...

PT-2026-48400

Name of the Vulnerable Software and Affected Versions Slate Digital Connect version 1.37.0 Description The software installs a privileged helper tool, 'com.slatedigital.connect.privileged.helper.tool', which exposes the XPC service 'com.slatedigital.connect.privileged.helper.tool2'. The helper...

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

ASUS MyASUS Origin Validation Error Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of ASUS MyASUS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ASUS Software Manage...

ROS-20260610-73-0041

The vulnerability of the ndrreaduint8Array function in the RDP client FreeRDP is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or cause service failures remotely...

ROS-20260610-73-0045

The vulnerability of the createirpthread function in the RDP client of FreeRDP is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause service failures...

ROS-20260610-73-0047

The vulnerability of the irpthreadfunc function in the RDP client of FreeRDP is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure...

ROS-20260610-73-0043

The vulnerability of the smartcardunpacksetattribcall function in the RDP client FreeRDP is related to the execution of operations outside the buffer in memory, resulting from an incorrect validation of input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary...

ROS-20260610-73-0040

The vulnerability of the driveprocessirpread function in the RDP client FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure...

ROS-20260610-73-0039

The vulnerability of the driveprocessirpread function in the RDP client FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure...

ROS-20260610-73-0042

The vulnerability of the ndrreaduint8Array function in the RDP client FreeRDP is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or cause service failures remotely...