OESA-2026-1206 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to...

CVE-2026-0757 MCP Manager for Claude Desktop execute-command Command Injection Sandbox Escape Vulnerability

MCP Manager for Claude Desktop execute-command Command Injection Sandbox Escape Vulnerability. This vulnerability allows remote attackers to bypass the sandbox on affected installations of MCP Manager for Claude Desktop. User interaction is required to exploit this vulnerability in that the targe...

GHSA-3J22-8QJ3-26MX Seroval affected by Denial of Service via Deeply Nested Objects

Serialization of objects with extreme depth can exceed the maximum call stack limit. Mitigation: Seroval introduces a depthLimit parameter in serialization/deserialization methods. An error will be thrown if the depth limit is reached...

Seroval affected by Denial of Service via Deeply Nested Objects

Serialization of objects with extreme depth can exceed the maximum call stack limit. Mitigation: Seroval introduces a depthLimit parameter in serialization/deserialization methods. An error will be thrown if the depth limit is reached...

UBUNTU-CVE-2026-1225

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...

CVE-2026-24006

CVE-2026-24006 affects Seroval and describes a Denial of Service risk from serializing deeply nested JS objects. Versions ≤ 1.4.0 permit object depth that can exhaust the call stack; version 1.4.1 adds a depthLimit parameter to serialization/deserialization and will throw an error when the limit ...

CVE-2026-24006 Seroval affected by Denial of Service via Deeply Nested Objects

Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a depthLimit parameter in...

EUVD-2026-4134

Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a depthLimit parameter in...

CVE-2026-24006 Seroval affected by Denial of Service via Deeply Nested Objects

Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a depthLimit parameter in...

Exploit for Deserialization of Untrusted Data in Microsoft

WSUS Security Research Toolkit !Pythonhttps://img.shields...

CLSA-2026-1768570231 git: Fix of CVE-2024-32021

CVE-2024-32021: fix issue where cloning local source repository with symlinks may create hardlinks to arbitrary user-readable files in the objects/ directory...

CVE-2025-65117

The vulnerability, if exploited, could allow an authenticated miscreant Process Optimization Designer User to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements...

CVE-2025-65117

The vulnerability, if exploited, could allow an authenticated miscreant Process Optimization Designer User to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements...

CVE-2025-65117 AVEVA Process Optimization Use of Potentially Dangerous Function

The vulnerability, if exploited, could allow an authenticated miscreant Process Optimization Designer User to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements...

CVE-2025-65117 AVEVA Process Optimization Use of Potentially Dangerous Function

The vulnerability, if exploited, could allow an authenticated miscreant Process Optimization Designer User to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements...

MiracleLinux 7 : xmlrpc-3.1.3-9.el7 (AXSA:2018-3132:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3132:01 advisory. xmlrpc: Deserialization of untrusted Java object through tag CVE-2016-5003 Tenable has extracted the preceding description block directly from the MiracleLin...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003963)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003963 advisory. An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in registerqueuekobjects in net/core/net-sysfs.c, which will cause denial of service...

AVEVA Process Optimization security vulnerabilities

AVEVA Process Optimization is a real-time process optimization software developed by the British company AVEVA. AVEVA Process Optimization has a security vulnerability, which arises from the possibility for authenticated attackers to embed OLE objects into graphics, potentially leading to privile...

MiracleLinux 4 : xmlrpc3-3.0-4.17.AXS4 (AXSA:2018-3129:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3129:01 advisory. xmlrpc: Deserialization of untrusted Java object through tag CVE-2016-5003 Tenable has extracted the preceding description block directly from the MiracleLin...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000843)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000843 advisory. The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service host OS...