CVE-2026-50141

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...

EulerOS 2.0 SP13 : kata-containers (EulerOS-SA-2026-2335)

"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

CVE-2026-8832 WPCode <= 2.3.5 - Authenticated (Author+) Remote Code Execution via CPT Capability Bypass via XML-RPC wp.newPost

The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code Manager plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.3.5 This is due to the 'wpcode' custom post type being registered without a custom capabilitytype or capability...

kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...

CVE-2026-40968 Spring gRPC SecurityContext leaks across requests on authorization failure

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

CVE-2026-33413

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in multiple functions in the gRPC API layer, including MemberList and Compact. An attacker can gain unauthorized access to sensitive cluster operations and information, such as viewing cluster topology, disrupting...

Deserialization of Untrusted Data

Overview @builder.io/qwik is an An Open-Source sub-framework designed with a focus on server-side-rendering, lazy-loading, and styling/animation. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the server$ RPC mechanism. An attacker can execute arbitrary...

PT-2026-2491

Name of the Vulnerable Software and Affected Versions OpenC3 COSMOS versions 5.0.0 through 6.10.1 Description OpenC3 COSMOS provides functionality to send commands to and receive data from embedded systems. Versions 5.0.0 through 6.10.1 contain a remote code execution issue reachable through the...

CVE-2026-20026

Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerabili...

CVE-2025-36463

Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An...

GHSA-3G4J-R53P-22WX Duplicate Advisory: FlowiseAI Pre-Auth Arbitrary Code Execution

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7944-7c6r-55vv. This link is maintained to preserve external references. Original Description Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supaba...

CVE-2025-26861

RemoteCall Remote Support Program for Operator versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution...

EUVD-2025-34516

RemoteCall Remote Support Program for Operator versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution...

CVE-2025-26861

RemoteCall Remote Support Program for Operator versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution...

CVE-2025-26861

RemoteCall Remote Support Program for Operator versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution...

CVE-2025-26861

RemoteCall Remote Support Program for Operator versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution...

CVE-2025-26860

RemoteCall Remote Support Program for Operator versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution...

EUVD-2025-34515

RemoteCall Remote Support Program for Operator versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution...

CVE-2025-26860

RemoteCall Remote Support Program for Operator versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution...