486122 matches found
CVE-2026-46703 BoxLite: Path Traversal Vulnerability in boxlite Leads to Arbitrary File Write on the Host
Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in...
EUVD-2026-36165
Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in...
CVE-2026-2049
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...
[SECURITY] [DSA 6337-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6337-1 [email protected] https://www.debian.org/security/ Andres Salomon June 10, 2026 https://www.debian.org/security/faq -...
EUVD-2026-36195
Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...
CVE-2026-52726 Dulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payload
Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...
CVE-2026-52726 Dulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payload
Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...
CVE-2026-52726
Technical details about CVE-2026-52726 are not publicly provided in the supplied documents; monitor for updates.
CVE-2026-52726
Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...
Exploit for Heap-based Buffer Overflow in Microsoft
CVE-2026-47291 Overview RCE exploit for CVE-2026-47291 t...
kernel: dlm: validate length in dlm_search_rsb_tree
A flaw was found in the Linux kernel's Distributed Lock Manager dlm module. An attacker could send specially crafted network messages with an oversized length parameter to the dlmdumprsbname function. This lack of validation can lead to an out-of-bounds write in the dlmsearchrsbtree function,...
EUVD-2026-36181
Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accept...
CVE-2026-42305
Dulwich (pure-Python Git implementation) versions before 1.2.5 on Windows are vulnerable to an arbitrary file write via NTFS-hostile tree entries, causing remote code execution when cloning or checking out a malicious repository. Root cause: path-element validation allowed filenames that Windows ...
CVE-2026-42305
Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accept...
CVE-2026-2049 GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...
CVE-2026-2049 GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...
CVE-2026-2049
CVE-2026-2049 is a heap-based buffer overflow in HDR file parsing within gegl (used by GIMP) caused by insufficient validation of the length of user-supplied data. This can lead to remote code execution when a user opens a malicious HDR file or visits a crafted page, as indicated by the CVSS vect...
CVE-2026-9213
A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device...
CVE-2026-45454
Improper limitation of a pathname to a restricted directory 'path traversal' in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
CVE-2026-48291
Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...