2465979 matches found
PT-2026-53255
GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID (PID). This predictable filename is created without...
ROS-20260629-73-0020
The vulnerability in Vim relates to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the writeMasterPasswordInfo() method in the software for managing and publishing geodata on the OSGeo GeoServer server allows an attacker to execute arbitrary code, expose sensitive information, and cause service failure.
The vulnerability of the writeMasterPasswordInfo method in the software for managing and publishing geodata on the OSGeo GeoServer server is related to improper external management of file names or paths. Exploiting this vulnerability could allow an attacker to execute arbitrary code, disclose...
The vulnerabilities of the ngx_http_proxy_v2_module and ngx_http_grpc_module modules in NGINX Plus and NGINX Open Source web servers allow attackers to execute arbitrary code or cause service interruptions.
The vulnerabilities of the ngx_http_proxy_v2_module and ngx_http_grpc_module modules in NGINX Plus and NGINX Open Source web servers are related to operations performed outside the bounds of a memory buffer. Exploiting these vulnerabilities allows a remote attacker to execute arbitrary code or cause...
The vulnerability of the rrd_substitute_host_query_data() function in the Cacti network monitoring software allows an attacker to execute arbitrary code.
The vulnerability of the rrd_substitute_host_query_data() function in the Cacti network monitoring software is related to the failure to take measures to neutralize special elements in the output data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
RHEL 8 : perl-Archive-Tar (RHSA-2026:30852)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:30852 advisory. Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also...
PT-2026-53753
The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6_nbr.c (handle_ra_input, handle_ns_input, handle_na_input) used an incorrect boolean expression that combined the RFC 4861 validity checks with the ICMPv6 code check using the wrong operator precedence: the form was 'length/hop/source/target...
PT-2026-53449
Summary: The ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause Python logging to record an arbitrarily large, forged JWT payload. Details: In situations where a misconfigured — or entirely absent — production-grade web server sits in front of a Python...
PT-2026-53412
Impact: An unauthenticated path traversal vulnerability exists in dash-uploader versions 0.1.0 through 0.7.0a2. The library's HTTP request handler at dash_uploader/httprequesthandler.py reads three form parameters (upload_id, resumableFilename, resumableIdentifier) from request.form.get and passes...
PT-2026-53392
Description: There's an SSRF in the file upload processing system that allows remote attackers to make arbitrary HTTP requests from the server without authentication. The vulnerability exists in the serialization/deserialization handlers for multipart form data and JSON requests, which automatical...
PT-2026-53404
A pre-authentication code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in...
ROS-20260629-73-0016
The vulnerability in Vim relates to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
RHEL 9 : perl-Archive-Tar (RHSA-2026:30856)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:30856 advisory. Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also...
PT-2026-53438
A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.7, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...
PT-2026-53384
Deserialization of untrusted data in the Azure AI Language Conversations Authoring client library for Python allows an unauthorized attacker to execute code over a network...
PT-2026-53598
Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory...
PT-2026-53590
Summary: Developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. Due to the longstanding decision by the Ray Development team to not implement any sort of authentication on critical endpoints, like the /api/jobs &...
PT-2026-53534
pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...
ROS-20260629-73-0005
The vulnerability in ImageMagick is related to a lack of mechanisms for encoding or escaping output data. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
ROS-20260629-73-0006
The vulnerability in ImageMagick 7 is related to a lack of mechanisms for encoding or escaping output data. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...