
6692 matches found

Vulnrichment
added 2026/03/10 5:4 p.m. | 1 view

CVE-2026-24291 Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability

...

CVSS 7.8 | AI score 5.8 | EPSS 0.00044
Exploits: 3 | References: 1
CVE
added 2026/03/10 9:35 a.m. | 7 views

CVE-2026-3315

CVE-2026-3315 concerns ASSA ABLOY Visionline on Windows, where incorrect default permissions enable configuration/environment manipulation and lead to execution with unnecessary privileges and improper assignment of permissions to a critical resource. Affected versions are Visionline prior to 1.3...

CVSS 7.8 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/03/10 9:35 a.m. | 29 views

CVE-2026-3315 Local Privilege Escalation Due to Writable Executable in Privileged Visionline Service Path

Incorrect Default Permissions, Execution with Unnecessary Privileges, Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ABLOY Visionline on Windows allows Configuration/Environment Manipulation. This issue affects Visionline: from 1.0 before 1.33...

CVSS 5.8 | EPSS 0.00016
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/10 12:0 a.m. | 2 views

PT-2026-24285

Name of the Vulnerable Software and Affected Versions: Windows versions prior to March 10, 2026 Patch Tuesday. Description: An improper permission assignment within the Windows Accessibility Infrastructure ATBroker.exe allows an authorized attacker to elevate privileges locally. The issue stems from...

CVSS 7.8 | AI score 6.3 | EPSS 0.00044
Exploits: 3 | References: 31
GithubExploit
added 2026/03/09 3:52 p.m. | 105 views

New-Shellcode-Injection-Exploit

Shellcode Injection Exploit Author Created by 0x5da...

AI score 6.4
Exploits: 0
RedhatCVE
added 2026/03/06 9:20 p.m. | 1 view

CVE-2025-69649

A flaw was found in binutils. Processing a specially crafted ELF binary file containing malformed header fields with the readelf program can trigger a NULL pointer dereference, causing a crash and resulting in a denial of service. Mitigation: To mitigate this vulnerability, do not process untruste...

CVSS 7.5 | AI score 5.8 | EPSS 0.00052
Exploits: 1 | References: 5
OSV
added 2026/03/06 7:16 p.m. | 3 views

DEBIAN-CVE-2025-69649

GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations, resulting in a segmentation fault (SIGSEGV) and...

CVSS 7.5 | AI score 4.7 | EPSS 0.00052
Exploits: 1 | References: 1
OSV
added 2026/03/06 7:16 p.m. | 1 view

UBUNTU-CVE-2025-69652

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info, an invalid debug_info_p state may propagate into DWARF attribute parsing...

CVSS 6.2 | AI score 6.2 | EPSS 0.00023
Exploits: 1 | References: 4
OSV
added 2026/03/06 6:16 p.m. | 3 views

AZL-79574 CVE-2025-69651 affecting package binutils 2.41-10

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized...

CVSS 5.5 | AI score 6.2 | EPSS 0.00006
Exploits: 1 | References: 1
OSSF Malicious Packages
added 2026/03/06 5:39 p.m. | 4 views

Malicious code in flowfix (PyPI)

Source: kam193 77c3304c8fcc8e0cdf2ac450babf481ff0ee3e93cb3c4213c6b4fa8d80cf4137 The package hides code to download and open remote content. The current code seems to be a bit broken as the final URL is not correct, but the code holds also...

AI score 5.8
Exploits: 0 | References: 3
OSV
added 2026/03/06 5:39 p.m. | 1 view

MAL-2026-1276 Malicious code in flowfix (PyPI)

Source: kam193 77c3304c8fcc8e0cdf2ac450babf481ff0ee3e93cb3c4213c6b4fa8d80cf4137 The package hides code to download and open remote content. The current code seems to be a bit broken as the final URL is not correct, but the code holds also...

AI score 5.8
Exploits: 0 | References: 3
Vulnrichment
added 2026/03/06 3:32 a.m. | 3 views

CVE-2026-29041 Chamilo: Authenticated Remote Code Execution via Unrestricted File Upload

Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The application relies solely on MIME-type verification when handling file uploads and does not...

CVSS 8.8 | AI score 6.5 | EPSS 0.00258
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/06 12:0 a.m. | 2 views

PT-2026-23634

Name of the Vulnerable Software and Affected Versions: Chamilo versions prior to 1.11.34. Description: Chamilo LMS is susceptible to an authenticated remote code execution issue stemming from insufficient validation of uploaded files. The application depends on MIME-type verification for file upload...

CVSS 8.8 | AI score 6.5 | EPSS 0.00258
Exploits: 0 | References: 8
CVE
added 2026/03/06 12:0 a.m. | 12 views

CVE-2025-69652

CVE-2025-69652 concerns GNU Binutils up to 2.46, specifically the readelf component. A crafted ELF binary with malformed DWARF abbrev or debug information can trigger an abort (SIGABRT) due to incomplete state cleanup in process_debug_info(), allowing an invalid debug_info_p state to propagate in...

CVSS 6.2 | AI score 6.1 | EPSS 0.00023
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2026/03/05 12:0 a.m. | 2 views

WordPress plugin SetSail security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 8.1 | AI score 5.8 | EPSS 0.00172
Exploits: 0 | References: 1
Tenable Nessus
added 2026/03/05 12:0 a.m. | 1 view

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005656)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005656 advisory. In the Linux kernel, the following vulnerability has been resolved: modpost: fix off by one in is_executable_section. The comparison should be = to prevent an out of...

CVSS 5.5 | AI score 6.6 | EPSS 0.00021
Exploits: 0 | References: 4
OSSF Malicious Packages
added 2026/03/04 5:24 p.m. | 3 views

Malicious code in requests-ml-min (PyPI)

Source: kam193 caf988849523549406a61384e2c9f8e01d6edf3ad71e5cba77ca7c3987863f1d During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign,...

AI score 5.9
Exploits: 0 | References: 5
OSV
added 2026/03/04 5:24 p.m. | 1 view

MAL-2026-1240 Malicious code in requests-ml-min (PyPI)

Source: kam193 caf988849523549406a61384e2c9f8e01d6edf3ad71e5cba77ca7c3987863f1d During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign,...

AI score 5.9
Exploits: 0 | References: 5
RedhatCVE
added 2026/03/04 1:57 a.m. | 2 views

CVE-2021-35485

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the...

CVSS 8 | AI score 5.9 | EPSS 0.00063
Exploits: 0 | References: 1
OSV
added 2026/03/03 7:52 p.m. | 3 views

GHSA-F8MP-VJ46-CQ8V OpenClaw's shell env fallback trusts unvalidated SHELL path from host environment

The shell environment fallback path could invoke an attacker-controlled shell when SHELL was inherited from an untrusted host environment. In affected builds, shell-env loading used $SHELL -l -c 'env -0' without validating that SHELL points to a trusted executable. In threat-model terms, this...

CVSS 7.8 | AI score 6 | EPSS 0.00021
Exploits: 0 | References: 5