Langroid Code Injection Vulnerability
Langroid is an open-source tool developed using multi-agent programming for LLM tasks. Versions of Langroid prior to 0.63.0 contained a code injection vulnerability. This vulnerability stemmed from SQLChatAgent executing SQL statements generated by the LLM. It could be exploited via prompt...
PT-2026-45442
A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3...
HP Poly Voice Security Vulnerability
HP Poly Voice is a voice communication software developed by the American company Hewlett-Packard (HP). There is a security vulnerability in HP Poly Voice, which stems from a buffer overflow issue when administrators enable interactive connection establishment. This vulnerability may lead to remote...
PT-2026-45420
Name of the Vulnerable Software and Affected Versions: HP Poly VVX series (affected versions not specified); HP Poly Trio 8300 (affected versions not specified); HP Poly Trio 8500 (affected versions not specified); HP Poly Trio 8800 (affected versions not specified). Description: A stack-based buffer overflow...
Poly Voice – Possible Remote Control of Certain Poly Devices
In certain scenarios when the admin has enabled Interactive Connectivity Establishment (ICE), a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform. HP Poly recommends admins disable ICE connectivity when not required...
Ubuntu 22.04 LTS / 24.04 LTS : LibreOffice vulnerability (USN-8340-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8340-1 advisory. Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use...
PT-2026-45544
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server version 8.5; IBM WebSphere Application Server version 9.0. Description: Remote code execution can occur due to the deserialization of untrusted data. This issue affects JAX-WS endpoints that utilize WS-Security...
IBM WebSphere Application Server (WAS) Code Injection Vulnerability
IBM WebSphere Application Server (WAS) is an application server product developed by IBM. It serves as a platform for JavaEE and web services applications and forms the foundation of the IBM WebSphere software suite. Both the 9.0 and 8.5 versions of IBM WebSphere Application Server contained a code...
PT-2026-45540
Name of the Vulnerable Software and Affected Versions: AI Tensor Engine for ROCm (AITER) versions prior to 0.1.15. Description: An unauthenticated remote code execution issue exists in the MessageQueue.recv function within shm broadcast.py. This occurs because a ZMQ SUB socket lacks authentication,...
aiter Code Issue Vulnerability
aiter is a high-performance AI operator library open-sourced by AMD ROCm™ Software, providing optimized GPU cores for inference and training. Versions of aiter prior to 0.1.14 contain code vulnerabilities. These vulnerabilities stem from unauthenticated remote code execution in the MessageQueue.re...
PT-2026-45376
Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ Broker versions prior to 5.19.7; Apache ActiveMQ Broker versions 6.0.0 through 6.2.5; Apache ActiveMQ All versions prior to 5.19.7; Apache ActiveMQ All versions 6.0.0 through 6.2.5; Apache ActiveMQ versions prior to 5.19.7; Apache...
PUB-A-449725859
In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-463998243
In multiple locations, there is a possible way to achieve remote code execution due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PUB-A-477022794
In mfccorenalqgetdecmetadataseinal of mfccorenalq.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
Notepad++ 8.9.6 Arbitrary Code Execution
Notepad++ versions 8.9.6 and below proof of concept arbitrary code execution exploit. Exploit Title: Notepad++ 8.9.6 - Arbitrary Code Execution Date: 2026-05-30 Exploit Author: Kavin Jindal Avyukt Security https://www.linkedin.com/in/kavin-jindal/ Vendor Homepage: https://notepad-plus-plus.org...
PUB-A-472711335
In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-45384
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 3.2.2. Description: A bug in the KubernetesExecutor causes JSON Web Tokens (JWT), used by worker pods to authenticate against the Execution API, to be passed to the worker container as command-line arguments. These...
PyFEX: Uncovering Evasive Python-Based Threats Via Resilient and Exhaustive Path Exploration
The rapid expansion of the Python ecosystem has fueled two distinct but converging threats: adversaries increasingly target the software supply chain via the Python Package Index (PyPI), while also building evasive, cross-platform malicious binaries compiled from source code written in Python...
PUB-A-481652714
In ParsePayloads of AudioSdpParser.cpp, there is a possible memory corruption due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
Poppler Input Validation Error Vulnerability
Poppler is an open-source PDF rendering library developed by Poppler. Poppler has a vulnerability related to input validation errors. This vulnerability stems from an integer overflow in the tilingPatternFill function within the Splash backend. As a result of this overflow, insufficient heap memo...