3897 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-46680
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cann...
CVE-2026-46680 containerd user ID handling bypass allows runAsNonRoot evasion
containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an...
CVE-2026-46680
containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an...
CVE-2026-7839
UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpyssavedpassword, 64,...
EUVD-2026-40885
UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpyssavedpassword, 64,...
EUVD-2025-210392
picklescan before 0.0.29 fails to detect the built-in python profile.Profile.run function when used in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files that bypass picklescan detection and achieve code execution upon...
EUVD-2025-210385
picklescan before 0.0.29 fails to detect the built-in trace.Trace.run function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using trace.Trace.run in the reduce method to achieve arbitrary code execution when...
EUVD-2025-210386
picklescan before 0.0.28 fails to detect malicious pickle files using torch.utils.collectenv.run function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...
PT-2026-54489
UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpy ssaved password, 64,...
CVE-2025-71374
picklescan before 0.0.29 fails to detect the built-in python profile.Profile.run function when used in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files that bypass picklescan detection and achieve code execution upon...
CVE-2025-71349
picklescan before 0.0.29 fails to detect the built-in trace.Trace.run function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using trace.Trace.run in the reduce method to achieve arbitrary code execution when...
CVE-2025-71363
picklescan before 0.0.30 fails to detect cProfile.run function calls in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with cProfile.run payloads that bypass picklescan detection and achieve code execution upon deserializatio...
CVE-2025-71374 picklescan - Arbitrary Code Execution via Undetected profile.Profile.run
picklescan before 0.0.29 fails to detect the built-in python profile.Profile.run function when used in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files that bypass picklescan detection and achieve code execution upon...
CVE-2025-71374
CVE-2025-71374 affects picklescan prior to 0.0.29. The library fails to detect the built-in Python profile.Profile.run function when used in pickle reduce methods, enabling remote attackers to craft malicious pickle files that bypass detection and achieve code execution upon deserialization. The ...
CVE-2025-71363 picklescan - Arbitrary Code Execution via Undetected cProfile.run in Pickle Deserialization
picklescan before 0.0.30 fails to detect cProfile.run function calls in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with cProfile.run payloads that bypass picklescan detection and achieve code execution upon deserializatio...
CVE-2025-71363
CVE-2025-71363 affects the picklescan tool prior to 0.0.30. It fails to detect cProfile.run calls within pickle reduce methods, enabling remote attackers to craft malicious pickle files with cProfile.run payloads that bypass picklescan detection and cause code execution during deserialization.
CVE-2025-71349 picklescan - Arbitrary Code Execution via Undetected trace.Trace.run in Pickle Files
picklescan before 0.0.29 fails to detect the built-in trace.Trace.run function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using trace.Trace.run in the reduce method to achieve arbitrary code execution when...
CVE-2025-71349
The affected software is picklescan with versions before 0.0.29. The vulnerability arises because the tool fails to detect the built-in trace.Trace.run function when analyzing pickle files, allowing an attacker to embed malicious code. Remote attackers can craft pickle files that use trace.Trace....
CVE-2026-58171
Vibe-Trading before 0.1.10 constructs the swarm run directory by joining a caller-supplied run identifier onto the runs base directory without validation in rundir agent/src/swarm/store.py. A crafted run identifier supplied through the MCP swarm tools causes the application to read arbitrary...
EUVD-2026-40352
Vibe-Trading before 0.1.10 constructs the swarm run directory by joining a caller-supplied run identifier onto the runs base directory without validation in rundir agent/src/swarm/store.py. A crafted run identifier supplied through the MCP swarm tools causes the application to read arbitrary...