1085179 matches found

Positive Technologies
added 4 days ago, 10 views

PT-2026-51298

Name of the Vulnerable Software and Affected Versions: IBM Langflow OSS versions 1.0.0 through 1.9.3. Description: Improper isolation of Python execution combined with an authentication bypass allows an unauthenticated remote attacker to execute arbitrary code on the host system, leading to a comple...

CVSS 10 | AI score 6.5 | EPSS 0.00529
Exploits: 0 | References: 9

Tenable Nessus
added 4 days ago, 7 views

FFmpeg < 8.1.2 Out-of-Bounds Write (CVE-2026-8461)

The version of FFmpeg installed on the remote host is prior to 8.1.2. It is, therefore, affected by an out-of-bounds write vulnerability: - An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can b...

CVSS 8.8 | AI score 6.2 | EPSS 0.00386
Exploits: 3 | References: 3

Positive Technologies
added 4 days ago, 8 views

PT-2026-51360

Name of the Vulnerable Software and Affected Versions: Autodesk Fusion Desktop, affected versions not specified. Description: A flaw in the MCP extension allows arbitrary code execution when a user visits a maliciously crafted webpage while the software is running and the extension is enabled. A...

CVSS 9.6 | AI score 6.4 | EPSS 0.00291
Exploits: 0 | References: 6

Positive Technologies
added 4 days ago, 6 views

PT-2026-51350

Name of the Vulnerable Software and Affected Versions: IBM i versions 7.3 through 7.6; IBM WebSphere Application Server, affected versions not specified; IBM WebSphere Application Server Liberty, affected versions not specified. Description: Remote code execution and denial of service are possible when...

CVSS 9.8 | AI score 6.3 | EPSS 0.00409
Exploits: 0 | References: 3

Positive Technologies
added 4 days ago, 10 views

PT-2026-51446

Name of the Vulnerable Software and Affected Versions: OpenDJ Community Edition versions prior to 5.1.1. Description: A Deserialization of Untrusted Data issue in the JMX RMI connector allows an unauthenticated remote attacker to deserialize arbitrary Java objects on the server. The issue occurs...

CVSS 9.2 | AI score 6.2
Exploits: 0 | References: 4

Tenable Nessus
added 4 days ago, 3 views

RHEL 9 : vim (RHSA-2026:28049)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28049 advisory. Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox...

CVSS 8.2 | AI score 7.3 | EPSS 0.00552
Exploits: 0 | References: 10

Positive Technologies
added 4 days ago, 9 views

PT-2026-51382

Multiple remote code execution (RCE) and control-flow corruption vulnerabilities have been identified in FastStone Image Viewer 8.3 and earlier, stemming from flaws in its JPEG 2000 (JP2) and PSD file parsers. Attackers can exploit these by tricking the application into processing specially crafted...

AI score 6.6
Exploits: 0 | References: 3

OSV
added 4 days ago, 5 views

UBUNTU-CVE-2026-6653

Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper entity resolution handling...

CVSS 8.3 | AI score 5.9 | EPSS 0.00289
Exploits: 0 | References: 5

Cvelist
added 5 days ago, 32 views

CVE-2026-12822 langflow-ai langflow Bundle URL Loader code injection

A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to be performed locally. The vendor was contacted early about this disclosure but did not respond in...

CVSS 5.3 | EPSS 0.00141
Exploits: 0 | References: 5

CVE
added 5 days ago, 10 views

CVE-2026-12822

Langflow AI (langflow) up to v1.9.3 is affected by CVE-2026-12822 due to a vulnerability in the Bundle URL Loader component leading to local code injection. The attack requires local access; the exact vulnerable function is unspecified. Vendor did not respond to disclosure. CVSS data indicate a M...

CVSS 5.3 | AI score 5.8 | EPSS 0.00141
Exploits: 0 | References: 5

ATTACKERKB
added 5 days ago, 7 views

CVE-2026-12822

A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to be performed locally. The vendor was contacted early about this disclosure but did not respond in...

CVSS 5.3 | AI score 5.8 | EPSS 0.00141
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 5 days ago, 2 views

MINI-82GP-RR77-X44F

Bulletin has no description...

CVSS 7.2 | AI score 5.8 | EPSS 0.00137
Exploits: 0

OSV
added 5 days ago, 2 views

MINI-7FVM-HRJM-7P3X

Bulletin has no description...

CVSS 7.5 | AI score 6.5 | EPSS 0.00184
Exploits: 0

OSV
added 5 days ago, 3 views

MINI-Q833-86XH-W52V

Bulletin has no description...

CVSS 7.5 | AI score 5.7 | EPSS 0.00359
Exploits: 0

OSV
added 5 days ago, 4 views

MINI-8FXV-5727-FCR4

Bulletin has no description...

CVSS 7.5 | AI score 5.8 | EPSS 0.00868
Exploits: 0

OSV
added 5 days ago, 4 views

MINI-GWM3-89CR-W7M9

Bulletin has no description...

CVSS 7.5 | AI score 5.8 | EPSS 0.00304
Exploits: 0

OSV
added 5 days ago, 2 views

CGA-F367-HJWV-Q5GJ

Bulletin has no description...

CVSS 6.5 | AI score 5.8 | EPSS 0.00287
Exploits: 0

Snyk
added 5 days ago, 6 views

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the xmlwf process when the -d parameter is used to specify an output directory. An attacker can cause unintended behavior or potentially execute arbitrary code by providing a specially crafted output...

CVSS 7.3 | AI score 6.2 | EPSS 0.00098
Exploits: 0 | References: 2

Snyk
added 5 days ago, 5 views

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the resolveSystemId function. An attacker can cause unexpected behavior or potentially execute arbitrary code by providing specially crafted input that triggers an integer overflow during processing...

CVSS 7.5 | AI score 6.2 | EPSS 0.0011
Exploits: 0 | References: 2

OSV
added 5 days ago, 3 views

MINI-V278-Q7W3-JJ3R

Bulletin has no description...

CVSS 7.5 | AI score 5.7 | EPSS 0.00359
Exploits: 0