9945 matches found

Tenable Nessus
added 2026/03/17 12:0 a.m. | 3 views

EulerOS Virtualization 2.12.1 : python3 (EulerOS-SA-2026-1455)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorit...

CVSS 9.4 | AI score 7.7 | EPSS 0.01012 | Exploits 15 | References 14

Ubuntu
added 2026/03/16 11:2 p.m. | 6 views

USN-8095-2: Linux kernel (FIPS) vulnerabilities

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local...

CVSS 7.8 | AI score 7 | EPSS 0.03752 | Exploits 6 | References 1

NVD
added 2026/03/16 2:20 p.m. | 1 view

CVE-2026-4255

A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows (64-bit) allows a local attacker to escalate privileges via DLL side-loading. The application loads certain dynamic-link library (DLL) dependencies using the default Windows search order, which includes directories...

CVSS 8.4 | EPSS 0.00008 | Exploits 0 | References 1

CVE
added 2026/03/16 7:14 a.m. | 7 views

CVE-2026-4255

The CVE-2026-4255 entry describes a DLL search order hijacking in Thermalright TR-VISION HOME (Windows 64-bit) that allows local privilege escalation via DLL side-loading. Affected: TR-VISION HOME versions up to 2.0.5. Root cause: the application loads DLL dependencies using the default Windows s...

CVSS 8.4 | AI score 6.3 | EPSS 0.00008 | Exploits 0 | References 1

Vulnrichment
added 2026/03/16 7:14 a.m. | 0 views

CVE-2026-4255 DLL Injection Privilege Escalation

A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows (64-bit) allows a local attacker to escalate privileges via DLL side-loading. The application loads certain dynamic-link library (DLL) dependencies using the default Windows search order, which includes directories...

CVSS 8.4 | AI score 6.3 | EPSS 0.00008 | Exploits 0 | References 1

ATTACKERKB
added 2026/03/16 7:14 a.m. | 2 views

CVE-2026-4255

A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows (64-bit) allows a local attacker to escalate privileges via DLL side-loading. The application loads certain dynamic-link library (DLL) dependencies using the default Windows search order, which includes directories...

CVSS 8.4 | AI score 6.3 | EPSS 0.00008 | Exploits 0 | References 2

Tenable Nessus
added 2026/03/16 12:0 a.m. | 3 views

EulerOS Virtualization 2.10.0 : python3 (EulerOS-SA-2026-1562)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not...

CVSS 7.5 | AI score 6.7 | EPSS 0.00215 | Exploits 0 | References 5

Positive Technologies
added 2026/03/16 12:0 a.m. | 1 view

PT-2026-25634

A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows (64-bit) allows a local attacker to escalate privileges via DLL side-loading. The application loads certain dynamic-link library (DLL) dependencies using the default Windows search order, which includes directories...

CVSS 8.4 | AI score 6.3 | EPSS 0.00008 | Exploits 0 | References 1

Tenable Nessus
added 2026/03/16 12:0 a.m. | 3 views

EulerOS Virtualization 2.10.1 : python3 (EulerOS-SA-2026-1542)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not...

CVSS 7.5 | AI score 6.7 | EPSS 0.00215 | Exploits 0 | References 5

CNNVD
added 2026/03/16 12:0 a.m. | 3 views

Thermalright TR-VISION HOME security vulnerability

Thermalright TR-VISION HOME is a hardware monitoring and display software developed by Thermalright Corporation. Versions of Thermalright TR-VISION HOME 2.0.5 and earlier contained security vulnerabilities. These vulnerabilities were caused by DLL loading order hijacking, which could allow local...

CVSS 8.4 | AI score 5.8 | EPSS 0.00008 | Exploits 0 | References 1

OSV
added 2026/03/15 5:55 a.m. | 2 views

OESA-2026-1597 python-ply security update

/ply/ /ply--.egg-info/ Security Fixes: An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Becaus...

CVSS 9.8 | AI score 8.1 | EPSS 0.00846 | Exploits 3 | References 2

OSV
added 2026/03/15 5:55 a.m. | 0 views

OESA-2026-1596 python-ply security update

/ply/ /ply--.egg-info/ Security Fixes: An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Becaus...

CVSS 9.8 | AI score 8.1 | EPSS 0.00846 | Exploits 3 | References 2

OSV
added 2026/03/15 5:55 a.m. | 1 view

OESA-2026-1595 python-ply security update

/ply/ /ply--.egg-info/ Security Fixes: An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Becaus...

CVSS 9.8 | AI score 6.4 | EPSS 0.00846 | Exploits 3 | References 2

OSV
added 2026/03/15 5:55 a.m. | 1 view

OESA-2026-1594 python-ply security update

/ply/ /ply--.egg-info/ Security Fixes: An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Becaus...

CVSS 9.8 | AI score 6.4 | EPSS 0.00846 | Exploits 3 | References 2

OSV
added 2026/03/13 8:55 p.m. | 3 views

GHSA-99QW-6MR3-36QR OpenClaw: Workspace plugin auto-discovery allowed code execution from cloned repositories

Summary OpenClaw automatically discovered and loaded plugins from .openclaw/extensions/ inside the current workspace without an explicit trust or install step. A malicious repository could include a crafted workspace plugin that executed as soon as a user ran OpenClaw from that cloned directory...

CVSS 8.5 | AI score 6.4 | EPSS 0.00017 | Exploits 0 | References 5

NVD
added 2026/03/13 7:53 p.m. | 1 view

CVE-2026-0957

There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...

CVSS 8.5 | EPSS 0.00026 | Exploits 0 | References 1

CNNVD
added 2026/03/13 12:0 a.m. | 2 views

Digilent DASYLab security vulnerability

Digilent DASYLab is a graphical data acquisition and application development platform developed by Digilent, Inc. There is a security vulnerability in Digilent DASYLab, which stems from out-of-bound writing when loading corrupted files. This vulnerability may lead to information leakage or the...

CVSS 8.5 | AI score 7.3 | EPSS 0.00026 | Exploits 0 | References 1

OSV
added 2026/03/12 6:4 p.m. | 2 views

CVE-2026-32140 Dataease: Redshift JDBC RCE Bypass

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, by controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code...

CVSS 9.3 | AI score 6.4 | EPSS 0.00629 | Exploits 1 | References 3

Vulnrichment
added 2026/03/12 6:4 p.m. | 1 view

CVE-2026-32140 Dataease: Redshift JDBC RCE Bypass

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, by controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code...

CVSS 9.3 | AI score 6.4 | EPSS 0.00629 | Exploits 1 | References 1

Vulnrichment
added 2026/03/12 11:37 a.m. | 1 view

CVE-2026-3989 CVE-2026-3989

SGLang's replayrequestdump.py contains an insecure pickle.load without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attacker's code on the device running the script...

AI score 7 | EPSS 0.00033 | Exploits 0 | References 4