PT-2026-50718
Name of the Vulnerable Software and Affected Versions: jupyter-server versions prior to 2.20.0. Description: The nbconvert HTTP handlers render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy (CSP), which is a security layer that helps...
ffmpeg -- Out-of-bounds write
https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23159 reports: An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the...
Vendor-signed UEFI applications found vulnerable to Secure Boot bypass
Overview: Multiple vendor-signed UEFI applications are vulnerable to Secure Boot bypass via a "Bring Your Own Vulnerable Driver" (BYOVD)-style attack. If a target system trusts the affected vendor’s certificate, an attacker can exploit these applications to execute arbitrary code during the early...
Siemens Ruggedcom Rox Improper Neutralization of Special Elements Used in an OS Command (CVE-2025-40947)
Affected devices do not properly sanitize user-supplied input during the feature key installation process. This could allow an authenticated remote attacker to inject arbitrary commands, resulting in remote code execution with root privileges on the underlying operating system. This plugin only...
Siemens RuggedCom Rox Out-of-bounds Write (CVE-2019-13106)
Das U-Boot versions 2016.09 through 2019.07-rc4 can memset too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Oracle Linux 8 : httpd:2.4 (ELSA-2026-25090)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-25090 advisory. - Resolves: RHEL-173558 - httpd:2.4/httpd: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780) - Resolves:...
MINI-X6JH-2FFP-Q5P2
Bulletin has no description...
MINI-CRPF-VV9M-JQJC
Bulletin has no description...
CVE-2026-53676
ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user who can log in to the affected product with the tenant administrator privilege (TENANT_ADMIN)...
MINI-GPW4-38V6-Q4MC
Bulletin has no description...
CVE-2026-53676
Technical details for CVE-2026-53676 are not publicly provided in the supplied documents. Monitor for updates from official advisories.
MINI-H3CX-G8V7-X6FX
Bulletin has no description...
MINI-CCVC-V28J-3C88
Bulletin has no description...
MINI-4PJG-9V86-HWQH
Bulletin has no description...
MINI-7Q7M-P5CC-WGXX
Bulletin has no description...
MAL-2026-6087 Malicious code in uol-simple-api-futebol (npm)
Source: amazon-inspector (962c38ed6ec061ce6a530aeea5a960dfc2b75caec56f7a1bc648f6b6cb655271). The package's only documented function, getJogos (default export), unconditionally invokes an internal helper named prepareCacheMatchs which POSTs the...
CVE-2026-12530
Improper neutralization of argument delimiters in the installpackages method in AWS Bedrock AgentCore Python SDK versions = 1.1.3 and 1.6.1 might allow a remote authenticated user to execute arbitrary commands within the Code Interpreter sandbox via crafted package name arguments. To mitigate thi...
MINI-7WCJ-HQM4-GHGW
Bulletin has no description...
MINI-XV6H-97VF-83F4
Bulletin has no description...