CVE-2025-71182 affecting package kernel for versions less than 6.6.121.1-1

CVE-2025-71182 affecting package kernel for versions less than 6.6.121.1-1. A patched version of the package is available...

CVE-2025-69421 affecting package edk2 for versions less than 20240524git3e722403cd16-14

CVE-2025-69421 affecting package edk2 for versions less than 20240524git3e722403cd16-14. A patched version of the package is available...

CVE-2026-22796 affecting package edk2 for versions less than 20240524git3e722403cd16-14

CVE-2026-22796 affecting package edk2 for versions less than 20240524git3e722403cd16-14. A patched version of the package is available...

Security Advisory EPM February 2026 for EPM 2024

Update 18 Feb: Added FAQ on patching Agents. Summary Ivanti has released updates for Ivanti Endpoint Manager which addresses one high severity vulnerability and one medium severity vulnerability. Successful exploitation could allow a remote authenticated attacker to leak arbitrary data or...

CVE-2026-2245

A vulnerability was identified in CCExtractor up to 183. This affects the function parsePAT/parsePMT in the library src/libccx/tstables.c of the component MPEG-TS File Parser. Such manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is...

CVE-2026-2241

A vulnerability was found in janet-lang janet up to 1.40.1. This affects the function osstrftime of the file src/core/os.c. Performing a manipulation results in out-of-bounds read. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is...

CVE-2026-2241 janet-lang janet os.c os_strftime out-of-bounds

A vulnerability was found in janet-lang janet up to 1.40.1. This affects the function osstrftime of the file src/core/os.c. Performing a manipulation results in out-of-bounds read. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is...

GHSA-PFV4-WMPH-5GC6 MCP Run Python has a Sandbox Escape & Server Takeover Vulnerability

Impact Critical Sandbox Escape & Server Takeover: A critical security vulnerability exists in mcp-run-python due to a lack of isolation between the Python runtime Pyodide and the host JavaScript environment. The runPython and runPythonAsync functions execute Python code using Pyodide without...

GHSA-6FGP-M6Q4-J3Q5 MCP Run Python Deno Sandbox Misconfiguration Allows SSRF Attacks via Localhost Access

Impact Server-Side Request Forgery SSRF: A security vulnerability exists in the mcp-run-python tool specifically within the Pydantic-AI integration due to an overly permissive Deno sandbox configuration. The tool configures the Deno runtime—which is intended to isolate the execution of untrusted...

MCP Run Python has a Sandbox Escape & Server Takeover Vulnerability

Impact Critical Sandbox Escape & Server Takeover: A critical security vulnerability exists in mcp-run-python due to a lack of isolation between the Python runtime Pyodide and the host JavaScript environment. The runPython and runPythonAsync functions execute Python code using Pyodide without...

GHSA-87R5-MP6G-5W5J jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions

Impact Arbitrary Code Injection Remote Code Execution & XSS: A critical security vulnerability affects all versions of the jsonpath package. The library relies on the static-eval module to evaluate JSON Path expressions but fails to properly sanitize or sandbox the input. This allows an attacker ...

jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions

Impact Arbitrary Code Injection Remote Code Execution & XSS: A critical security vulnerability affects all versions of the jsonpath package. The library relies on the static-eval module to evaluate JSON Path expressions but fails to properly sanitize or sandbox the input. This allows an attacker ...

PT-2026-7139

A security vulnerability has been detected in AprilRobotics apriltag up to 3.4.5. Affected by this vulnerability is the function apriltag detector detect of the file apriltag.c. The manipulation leads to memory corruption. The attack must be carried out locally. The exploit has been disclosed...

PT-2026-7130

A vulnerability was identified in CCExtractor up to 183. This affects the function parse PAT/parse PMT in the library src/lib ccx/ts tables.c of the component MPEG-TS File Parser. Such manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit...

Linux Distros Unpatched Vulnerability : CVE-2026-22044

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has...

PT-2026-7121

A vulnerability was found in janet-lang janet up to 1.40.1. This affects the function os strftime of the file src/core/os.c. Performing a manipulation results in out-of-bounds read. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch i...

CVE-2026-2178

A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. This affects the function registerXcodeTools of the file src/tools/xcode/index.ts of the component runlldb. The manipulation of the argument args results in command injection. It is possible to...

CVE-2026-2178 r-huijts xcode-mcp-server run_lldb index.ts registerXcodeTools command injection

A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. This affects the function registerXcodeTools of the file src/tools/xcode/index.ts of the component runlldb. The manipulation of the argument args results in command injection. It is possible to...

CVE-2026-2178 r-huijts xcode-mcp-server run_lldb index.ts registerXcodeTools command injection

A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. This affects the function registerXcodeTools of the file src/tools/xcode/index.ts of the component runlldb. The manipulation of the argument args results in command injection. It is possible to...

PT-2026-6995

Name of the Vulnerable Software and Affected Versions detronetdip E-commerce version 1.0.0 Description A security flaw exists in detronetdip E-commerce 1.0.0 related to unrestricted file upload. The issue affects the processing of the file /seller/assets/backend/profile/addadhar.php. Manipulation...