2562 matches found
CVE-2025-71371
picklescan before 0.0.29 fails to detect malicious pickle files using code.InteractiveInterpreter.runcode in reduce methods. Attackers can craft pickle payloads that bypass picklescan detection and execute arbitrary code when loaded via pickle.load...
CVE-2026-53078
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF socket operations sockops program. When a BPF sockops program accesses context fields with the same destination and source registers, certain macros fail to properly clear the destination register. This can lead to a...
jackson-databind has a PolymorphicTypeValidator bypass via generic type parameters that allows arbitrary class instantiation
jackson-databind's PolymorphicTypeValidator PTV is the primary safety mechanism guarding polymorphic deserialization. When polymorphic typing is enabled and a type identifier contains generic parameters i.e. the type ID string contains when only java.util.ArrayList is allow-listed. The container...
CVE-2026-54325
Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory without first asking the user to trust that repository. This included project-local extensions, which are executable TypeScript or JavaScript modules loaded...
CVE-2026-56258
Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlink and time-of-check-time-of-use TOCTOU attacks on the outputpath parameter. Remote attackers can...
firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume...
Deserialization of Untrusted Data
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the cProfile.runctx function in pickle file reduce methods. An attacker can execute arbitrary code by...
Astra Linux – Vulnerability in Firefox and Thunderbird
Memory safety bugs exist in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox version...
Astra Linux – Vulnerability in Qemu
A out-of-bounds write flaw was discovered in the UAS USB-attached SCSI device emulation in QEMU in versions prior to 6.2.0-rc0. The device uses the guest-provided stream number without proper checking, which can lead to out-of-bounds access to the UASDevice-data3 and UASDevice-status3 fields. A...
Astra Linux – Vulnerability in Vim
“Buffer over-reading” in the grabfilename function in the GitHub repository’s Vim/Vim version prior to 8.2.4956. This vulnerability could cause the software to crash, lead to memory modifications, and may allow for remote execution...
Astra Linux – Vulnerability in Firefox and Thunderbird
A memory safety bug exists in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug exhibited signs of memory corruption, and we assume that with sufficient effort, this could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions less than 125, Firef...
SUSE-SU-2026:2437-1 Security update for wireshark
This update for wireshark fixes the following issues - CVE-2026-5405: RDP dissector crash bsc1263767. - CVE-2026-5656: Profile import crash and possible code execution bsc1263809...
K000161616: NGINX ngx_http_v3_module vulnerability CVE-2026-42530
Security Advisory Description NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen ...
Improper Restriction of Names for Files and Other Resources
Overview yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to Improper Restriction of Names for Files and Other Resources via insufficient sanitization of file extensions during the file download. An attacker can cause arbitrary...
CVE-2026-12327 Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152
Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...
PT-2026-49750
Name of the Vulnerable Software and Affected Versions stable-diffusion.cpp versions prior to master-584-0a7ae07 Description A heap buffer overflow exists in the SHORT BINUNICODE parsing for PyTorch checkpoint files within the pickle .ckpt parser in src/model.cpp. The issue stems from sign confusi...
PT-2026-49755
Name of the Vulnerable Software and Affected Versions LangGraph SQLite Checkpoint versions prior to 4.1.1 Description The JsonPlusSerializer can reconstruct Python objects from JSON checkpoint payloads. If an unauthorized party modifies checkpoint bytes at rest in the backing store, the...
CVE-2026-12161
CVE-2026-12161 affects Devolutions Remote Desktop Manager 2026.2.7. The flaw is in the SSH Elevate Shell feature, where improper input validation allows an authenticated user (with permission to create/modify a shared SSH entry) to run arbitrary commands on a remote SSH host using stored elevatio...
DOMPurify: Trusted Types policy survives `clearConfig()` and can poison later `RETURN_TRUSTED_TYPE` output
Impact A DOMPurify instance that is reused across trust boundaries can stay bound to a previously supplied TRUSTEDTYPESPOLICY even after clearConfig is called. A later caller that requests RETURNTRUSTEDTYPE receives a TrustedHTML object created by the old policy, not by a clean default...
PT-2026-49282
Name of the Vulnerable Software and Affected Versions Rakuten Send Anywhere File Transfer for Android version 23.2.9 Description An issue in the application allows untrusted apps without permissions to force arbitrary file downloads into the app's scoped storage. These files then appear in the...