119 matches found
CVE-2026-10173 Orthanc Explorer 2 URL StudyList.vue cross site scripting
A weakness has been identified in Orthanc Explorer 2 up to 1.12.0. The impacted element is an unknown function of the file WebApplication/src/components/StudyList.vue of the component URL Handler. This manipulation of the argument remote-source causes cross site scripting. It is possible to...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: misc/libmasm/module: Two use-after-free operations in ibmasm_init_one have been fixed. In ibmasm_init_one, it calls ibmasm_init_remote_input_dev. Inside ibmasm_init_remote_input_dev, mouse_dev and keybd_dev are allocated by input_allocate_device...
CVE-2026-34253
A flaw was found in the ogg123 utility of the vorbis-tools package. This buffer underflow vulnerability occurs in the remote control functionality when processing malformed input. A remote attacker could exploit this to cause application crashes and potentially achieve arbitrary code execution...
CVE-2026-43894
A flaw was found in jq, a tool used for processing JSON data from the command line. A remote attacker can exploit a vulnerability by providing a specially crafted large number as input. This can cause an internal calculation error, leading to a memory overflow where the attacker can write their o...
CVE-2026-32686
The issue CVE-2026-32686 affects the Elixir/Erlang decimal library (ericmj decimal): parsing an unbounded exponent (e.g., 1e1000000000) can lead to memory growth when performing arithmetic, conversion, or comparison, causing out-of-memory crashes. Impacted operations include Decimal.add/2, Decima...
Arbitrary Command Injection
Overview: metagpt is The Multi-Agent Framework. Affected versions of this package are vulnerable to Arbitrary Command Injection via the getmimetype function. An attacker can execute arbitrary operating system commands by supplying crafted input remotely. Remediation: A fix was pushed into the mast...
Arbitrary Code Injection
Overview: gpt-researcher (GPT Researcher) is an autonomous agent designed for comprehensive web research on any task. Affected versions of this package are vulnerable to Arbitrary Code Injection in the extractcommanddata function of the /ws endpoint. An attacker can execute arbitrary code by...
CVE-2026-35466
CVE-2026-35466 describes a stored XSS in cveInterface.js caused by unsanitized input from remote CVE API services. Multiple sources (NVD, Red Hat, ENISA, CIRCL, CVE List, ATT&CK references) reiterate the vulnerability, with the NVD metrics showing MEDIUM severity (CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:...
CVE-2026-35466 Stored XSS via unsanitized input from remote service
XSS vulnerability in cveInterface.js allows injected HTML to be passed to the display, as cveInterface trusts input from CVE API services...
CVE-2026-3234
A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeenc function, allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the response body of INFO endpoin...
CVE-2025-66555
AirKeyboard iOS App 1.0.5 is vulnerable due to missing authentication, enabling unauthenticated remote keystroke injection in real time and full input control on the victim device. Root cause: lack of authentication; impact includes arbitrary input and potential data exposure. Exploitation detail...
EUVD-2025-201279
AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerability that allows unauthenticated attackers to type arbitrary keystrokes directly into the victim's iOS device in real-time without user interaction, resulting in full remote input control...
CVE-2025-66555 AirKeyboard iOS App 1.0.5 - Remote Input Injection
AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerability that allows unauthenticated attackers to type arbitrary keystrokes directly into the victim's iOS device in real-time without user interaction, resulting in full remote input control...
kernel: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
An out-of-bounds read flaw was found in the Linux kernel NFS functionality in the way a connected user sends malicious data to the server. A remote user could use this flaw to crash the system...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989772)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989772 advisory. In the Linux kernel, the following vulnerability has been resolved: misc/libmasm/module: Fix two use after free in ibmasm_init_one. In ibmasm_init_one, it calls...
CVE-2025-47365 Integer Overflow or Wraparound in Automotive Platform
Memory corruption while processing large input data from a remote source via a communication interface...
PT-2025-44930
Name of the Vulnerable Software and Affected Versions: Automotive Platform (affected versions not specified). Description: A memory corruption issue exists when processing large input data received from a remote source through a communication interface. The issue is due to an integer overflow or...
EUVD-2021-20264
Malware in sbrugna...
EUVD-2021-22755
Malware in sbrugna...