CVE-2026-42079

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a...

CVE-2026-42078 PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdowntabletoimage. This issue has been patched via commit 418491a...

CVE-2026-42078

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdowntabletoimage. This issue has been patched via commit 418491a...

GHSA-6RCX-55R6-JX65 Prefect Git Argument Injection in GitRepository Pull Steps

A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commitsha/directories results in argument injection. It is...

Arbitrary Argument Injection

Overview prefect is a Prefect is a new workflow management system, designed for modern infrastructure and powered by the open-source Prefect Core workflow engine. Users organize Tasks into Flows, and Prefect takes care of the rest. Affected versions of this package are vulnerable to Arbitrary...

PT-2026-36858

Name of the Vulnerable Software and Affected Versions PPTAgent versions prior to commit 418491a Description An arbitrary file write issue exists in this agentic framework for reflective PowerPoint generation. The flaw occurs through the save generated slides function. Recommendations Update to...

PT-2026-36828

An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep functions in PostCompressionActions.cpp...

PT-2026-36856

Name of the Vulnerable Software and Affected Versions PPTAgent versions prior to commit 418491a Description An agentic framework for reflective PowerPoint generation allows arbitrary file write and directory creation through the markdown table to image function. Recommendations Update to commit...

CVE-2026-36365

CVE-2026-36365 concerns Lymphatus caesium-image-compressor (all versions up to commit 02da2c6). The issue allows a local attacker to execute arbitrary code via the functions shutdownMachine and putMachineToSleep in PostCompressionActions.cpp. CVSS 3.1 base score 7.8 (High): Local attacker with lo...

PT-2026-36892

Name of the Vulnerable Software and Affected Versions CImg Library versions prior to commit 4ca26bc Description An integer overflow exists in the load pnm function during the computation of WHD size. A specially crafted PNM, PGM, or PPM file containing large dimension values can cause the...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bamdma: fix runtime PM underflow The commit dbad41e7bb5f “dmaengine: qcom: bamdma: check if the runtime pm enabled” caused unbalanced pmruntimeget/put calls when the bam was controlled remotely. This commit rever...

Astra Linux - уязвимость в tiff

The "Divide By Zero" error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service attack through a crafted TIF file. For users who compile libtiff from source code, the fix is available in the commit f3a5e010...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

Dm-verity is used to extend the root-of-trust to root file systems. LoadPin builds upon this feature to restrict module/firmware loads to only the trusted root file system. Currently, device-mapper table reloads allow users with root privileges to replace the target with an equivalent dm-linear...

Astra Linux - уязвимость в tiff

The "Divide By Zero" error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service attack through a crafted TIF file. For users who compile libtiff from source code, the fix is available in the commit f8d0f9aa...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: The flow rule object is released from the commit path. There is no need to delay this process until the commit release path, as no packets traverse this object at all. It is accessed only from the control...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check whether extcaps is valid in BL setup. LVDS connectors do not have extended backlight caps; therefore, check whether the pointer is valid before accessing it. Selected from commit...

Astra Linux - уязвимость в libde265

strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decodercontext::computeframedroptable...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: usb: musb: sunxi: Fixing the issue of accessing a released USB PHY. The commit 6ed05c68cbca “usb: musb: sunxi: Explicitly releasing the USB PHY upon exit” causes the USB PHY @glue-xceiv to be accessed after it has been released...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: NFSD: Define a proclayoutcommit for the FlexFiles layout type Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout...

Astra Linux - уязвимость в libxml2

Possible cross-site scripting vulnerability in libxml after commit 960f0e2...