486042 matches found
rsync: Rsync: Use-after-free vulnerability in extended attribute handling
A flaw was found in rsync. When rsync is configured to handle extended attributes using the -X or --xattrs option, a remote attacker can exploit a use-after-free vulnerability. This occurs because the receivexattr function incorrectly processes an untrusted length value during a sorting operation...
rsync: Rsync: Use-after-free vulnerability in extended attribute handling
A flaw was found in rsync. When rsync is configured to handle extended attributes using the -X or --xattrs option, a remote attacker can exploit a use-after-free vulnerability. This occurs because the receivexattr function incorrectly processes an untrusted length value during a sorting operation...
rsync: Rsync: Use-after-free vulnerability in extended attribute handling
A flaw was found in rsync. When rsync is configured to handle extended attributes using the -X or --xattrs option, a remote attacker can exploit a use-after-free vulnerability. This occurs because the receivexattr function incorrectly processes an untrusted length value during a sorting operation...
EUVD-2026-36167
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before...
EUVD-2026-36156
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...
rsync: Rsync: Use-after-free vulnerability in extended attribute handling
A flaw was found in rsync. When rsync is configured to handle extended attributes using the -X or --xattrs option, a remote attacker can exploit a use-after-free vulnerability. This occurs because the receivexattr function incorrectly processes an untrusted length value during a sorting operation...
PT-2026-48705
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0495 Description A Vimscript code injection exists in the s:NetrwBookHistSave function within the netrw plugin. The issue occurs when serializing browsed directory paths to the history file /.vim/.netrwhist. A directo...
PT-2026-48810
Name of the Vulnerable Software and Affected Versions CodeIgniter versions prior to 4.7.3 Description The ext in upload validation rule incorrectly checks the MIME-derived guessed extension instead of the extension provided in the client filename. This allows a file with an executable extension,...
PT-2026-48740
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.18 Description An issue exists where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to...
PT-2026-48787
Name of the Vulnerable Software and Affected Versions Idira Privileged Session Manager PSM versions prior to 15.0.3 Idira Privileged Session Manager PSM versions prior to 14.6.3 Idira Privileged Session Manager PSM versions prior to 14.2.5 Idira Privileged Session Manager PSM versions prior to...
PT-2026-48700
Name of the Vulnerable Software and Affected Versions KanaDojo versions prior to 0.1.18 Description A sandbox escape allows remote code execution with full GitHub Actions runner privileges, including access to the AUTOMATION PR TOKEN variable. The issue occurs in the issue-auto-respond.yml workfl...
PT-2026-48690
Name of the Vulnerable Software and Affected Versions @openzeppelin/wizard versions prior to 0.10.9 Description The OpenZeppelin Contracts Wizard generates example test files for Hardhat test/test.ts and Foundry test/.t.sol that interpolate user-supplied strings opts.name and opts.uri into the te...
PT-2026-48754
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.115 Description A use after free issue in Core allows a remote attacker to execute arbitrary code by inducing a user to open a crafted HTML page. Use after free is a memory corruption flaw that occurs...
PT-2026-48701
Name of the Vulnerable Software and Affected Versions 389 Directory Server 389-ds-base affected versions not specified Description An integer overflow exists in the SASL I/O layer within the sasl io start packet function. When a crafted SASL packet length prefix of 0xFFFFFFFC is processed, adding...
Linux Distros Unpatched Vulnerability : CVE-2026-52726
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5,...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...