2516 matches found
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of disabling preemption between the scxclaimexit and trigger-assisted work processes,...
📄 Espanso 2.3.0 Shell Extension Arbitrary Command Execution
The Shell extension in Espanso version 2.3.0 allows arbitrary command execution. An attacker who can modify the match configuration file can inject shell commands that execute when the user types the trigger. No restart required. Exploit Title: Espanso v2.3.0 - Shell Extension Arbitrary Command...
VulnCheck KEV: CVE-2026-44338
PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any caller that can reach it can access /agents and trigger the configured agents.yaml workflow throug...
Malicious code in xxx-bale (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1109b5dc74c94551027044e54e20f9c1c18f89d53da6af87861ba4773eae1966 The package contains code to install remotely stored malware and ensure its persistence. The code is not triggered automatically; it requires a separate trigge...
MAL-2026-3428 Malicious code in xxx-bale (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1109b5dc74c94551027044e54e20f9c1c18f89d53da6af87861ba4773eae1966 The package contains code to install remotely stored malware and ensure its persistence. The code is not triggered automatically; it requires a separate trigge...
MAL-2026-3425 Malicious code in xxoo-bale (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 74ce2be8301ccea70138e307282fbf70ede26eede2a531296145f7d0da695b80 The package contains code to install remotely stored malware and ensure its persistence. The code is not triggered automatically; it requires a separate trigge...
Exploit for Code Injection in Apache Nifi
CVE-2023-34468 Exploit !GitHub starshttps://img.shields.io...
CVE-2026-45130
Vim: Heap buffer overflow in read_compound() (src/spellfile.c) prior to 9.2.0450 when loading a crafted, UTF-8 spell file (.spl). An attacker-controlled length in the spell file’s compound section overflows a 32-bit signed multiplication, causing a small heap buffer to be allocated for a write lo...
CVE-2026-45130
Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in readcompound in src/spellfile.c when loading a crafted spell file .spl with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-b...
CVE-2026-45130 Vim: Heap Buffer Overflow in spell file loading
Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in readcompound in src/spellfile.c when loading a crafted spell file .spl with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-b...
EUVD-2026-28871
Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in readcompound in src/spellfile.c when loading a crafted spell file .spl with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-b...
CVE-2026-45130
Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in readcompound in src/spellfile.c when loading a crafted spell file .spl with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-b...
Exploit for CVE-2026-3844
CVE-2026-3844 — Breeze Cache Unauthenticated Arbitrary File Up...
Linux Distros Unpatched Vulnerability : CVE-2026-43315
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: nSVM: Remove a user-triggerable WARN on nestedsvmloadcr3 succeeding Drop the WARN in svmsetnestedstate on nestedsvmloadcr3 failing as it is trivially easy...
kernel: ALSA: aloop: Fix racy access at PCM trigger
In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop operations are...
kernel: ALSA: aloop: Fix racy access at PCM trigger
In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop operations are...
PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch bypass)
TL;DR CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains unguarded. It is reached by the recipe runner on every recipe execution and is...
CVE-2026-42228
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated...
kernel: ALSA: aloop: Fix racy access at PCM trigger
In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop operations are...
kernel: ALSA: aloop: Fix racy access at PCM trigger
In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop operations are...