CVE-2026-8326 Remote Spark SparkView Path Traversal in RDP Drive Redirection leading to RCE

Path traversal vulnerability in Remote Spark https://www.Remotespark.Com/ SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an...

CVE-2026-8326

Path traversal vulnerability in Remote Spark https://www.Remotespark.Com/ SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an...

Security Bulletin: There is a vulnerability in protocol-buffers-schema-3.6.0.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-5758)

Summary There is a vulnerability in protocol-buffers-schema-3.6.0.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-5758 DESCRIPTION: JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0,...

CVE-2026-49199

Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device...

CVE-2026-49199

The CVE-2026-49199 entry describes a root‑level RCE via crafted MQTT messages, enabling command injection on the target device. Connected records identify Predator Connect W6x as affected (CVE-2026-49199 CVE Record). The core issue is a vulnerability in handling MQTT payloads that allows arbitrar...

CVE-2026-49199 Predator Connect W6x: RCE via MQTT

Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device...

EUVD-2026-33269

Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device...

CVE-2026-10052

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

EUVD-2026-33260

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

[SECURITY] Fedora 43 Update: perl-Sereal-Encoder-5.005-1.fc43

This library implements an efficient, compact-output, and feature-rich serializer using a binary protocol called Sereal...

[SECURITY] Fedora 43 Update: perl-Sereal-Decoder-5.005-1.fc43

This library implements a deserializer for an efficient, compact-output, and feature-rich binary protocol called Sereal...

SUSE CVE-2026-46185

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in symlinkdata Since smb2checkmessage returns success without length validation for the symlink error response, in symlinkdata it is possible for iov-iovlen to be smaller than sizeofstruct...

SUSE CVE-2026-46227

In the Linux kernel, the following vulnerability has been resolved: sctp: revalidate list cursor after sctpsendmsgtoasoc in SCTPSENDALL The SCTPSENDALL path in sctpsendmsg iterates ep-asocs with listforeachentrysafe, which caches the next entry in @tmp before the loop body runs. The body calls...

[SECURITY] Fedora 44 Update: perl-Sereal-Encoder-5.005-1.fc44

This library implements an efficient, compact-output, and feature-rich serializer using a binary protocol called Sereal...

[SECURITY] Fedora 44 Update: perl-Sereal-Decoder-5.005-1.fc44

This library implements a deserializer for an efficient, compact-output, and feature-rich binary protocol called Sereal...

EUVD-2026-33066

Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.0.15 contain an out-of-bounds read vulnerability in the Command ID 30 UDP packet handler that allows remote attackers to crash the application by sending a specially crafted UDP packet. Attackers can send a malformed...

n8n-MCP 安全漏洞

n8n-MCP is a model context protocol server developed by Romuald Członkowski, an individual developer. Versions of n8n-MCP prior to 2.51.3 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the workflow telemetry cleaner might retain fragments of URL shape node...

Apache Artemis 2.0.0 < 2.54.0 Incorrect Authorization (CVE-2026-40914)

The version of Apache Artemis formerly Apache ActiveMQ Artemis installed on the remote host is affected by a vulnerability: - A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an...

PT-2026-44989

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.26.0 Description The planar bitmap decoder contains an out-of-bounds heap write when decoding RLE planar data. In the libfreerdp/codec/planar.c file, the freerdp bitmap decompress planar function validates the X...

ROS-20260529-73-0004

The vulnerability of the GNOME Remote Desktop remote desktop service is related to pointer assignment errors. Exploiting this vulnerability can allow a malicious actor to compromise data integrity and cause service failures through a specially created RDP packet...