CVE-2026-25917

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

CVE-2026-30898

An example of BashOperator in Airflow documentation suggested a way of passing dagrun.conf in the way that could cause unsanitized user input to be used to escalate privileges of UI user to allow execute code on worker. Users should review if any of their own DAGs have adopted this incorrect advi...

EUVD-2026-23658

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

MAL-2026-2836 Malicious code in restasv3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8b1f1a7427290168b0acaa2bd682cb33a9d3384eb9f0ea95d2bbd295152bfff7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

CVE-2026-6348

WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine as well as on all hosts within the environment where the agent is installed...

CVE-2026-6348

WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine as well as on all hosts within the environment where the agent is installed...

CVE-2026-4134

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute code with elevated privileges...

EUVD-2026-22581

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

Windows Graphics Component Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally...

CVE-2026-4345

CVE-2026-4345 describes a stored XSS flaw in Autodesk Fusion desktop: a malicious design name, when exported to CSV, can execute in the app’s process context and read local files. Affected: Fusion desktop application; vulnerability arises from stored payload in design names. CVSS base metrics ind...

CVE-2026-4369 Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Variant Name

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

PT-2026-32851

CVE-2026-32199 | Microsoft 365 Apps for Enterprise | Remote Code Execution Description Use-after-free vulnerability in Microsoft Office Excel allows unauth attacker to achieve RCE locally by tricking user into opening malicious Excel file. Severity: High Exploitation: Unknown Public PoC: Unknown...

PT-2026-32645

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o...

PT-2026-32653

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4,...

EUVD-2026-21898

A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges...

CVE-2026-0233

A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges...

CVE-2026-0233

A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges...

PT-2026-32513

Name of the Vulnerable Software and Affected Versions Apache NiFi affected versions not specified Description The TinkerpopClientService component of the Apache NiFi data processing platform contains access control errors. Specifically, it lacks the required Execute Code permission, which could...

CVE-2019-25705

Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized string in the Rules action field. Attackers can create a malicious text file with a crafted payload exceeding buffer boundaries a...

CVE-2026-35643

OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. Untrusted pages can invoke the canvas bridge to execute malicious code within the Android application context...