2467653 matches found
Vulnerabilities handled in the MISP platform
MISP has addressed several vulnerabilities in its platform. These vulnerabilities involve unauthorized users being able to manipulate client-provided primary and foreign keys, leading to unauthorized data overwrites, ownership transfers, and changes to record scopes. Additionally, there were...
CVE-2026-53282
A flaw was found in the Linux kernel's kexec functionality, specifically within the purgatory code used by kexec-tools. This vulnerability occurs when the purgatory code attempts to locate a return address on the stack during a non-kjump kexec operation, but the address is not present. This can...
Vulnerabilities handled in the n8n workflow automation platform
n8n has identified several vulnerabilities in the n8n workflow automation platform, particularly in versions 1.123.55, 2.24.0, 2.25.7, 2.26.1, and 2.26.2. These vulnerabilities affect various components of the n8n platform. Authorized users with workflow processing rights can exploit...
Exploit for Missing Authentication for Critical Function in Splunk
CVE-2026-20253 — Splunk Enterprise Pre-Auth RCE Lab Unaut...
CVE-2026-57966 Spice-vdagent: path traversal in file transfer via unsanitized filename
A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...
CVE-2026-57966
A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...
EUVD-2026-40050
A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...
CVE-2026-57966
Summary (CVE-2026-57966): A path traversal flaw in spice-vdagent allows a malicious/untrusted SPICE host to write arbitrary files on the guest filesystem via an unsanitized filename during file transfers. The vulnerability enables writes with the spice-vdagent process privileges (usually the logg...
CVE-2026-57966 Spice-vdagent: path traversal in file transfer via unsanitized filename
A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...
CVE-2026-57966
A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...
CVE-2026-57966
A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...
vim: command injection when decompressing .tgz archives
A flaw was found in Vim. When decompressing .tgz archives, the Vimuntar function builds shell commands using shellescape without the special flag. This allows a specially crafted archive filename to trigger Vim cmdline-special expansion and execute arbitrary commands in the context of the current...
vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass
A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...
vim: Vim: Command injection allows arbitrary code execution via malicious tag files
A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedd...
vim: arbitrary command execution via modeline sandbox bypass
A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...
Important: Red Hat Security Advisory: vim security update
An update for vim is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to multiple Node.js modules (CVE-2026-45736, CVE-2026-45149, CVE-2026-3449 & CVE-2026-8723)
Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to multiple vulnerabilities due to multiple Node.js modules. Vulnerability Details CVEID:CVE-2026-45736 DESCRIPTION: ws ...
flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation
A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...
flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options
A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. A malicious application could exploit this by using specially crafted symlinks within the sandbox-expose options of the Flatpak portal. This allows the application to access arbitrary host files and potentiall...
Important: Red Hat Security Advisory: flatpak security update
An update for flatpak is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili...