CVE-2026-0763

GPT Academic runinsubprocesswrapperfunc Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Authentication is not required to exploit this vulnerability. The specific...

AZL-75141 CVE-2025-71147 affecting package kernel for versions less than 6.6.121.1-1

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix a memory leak in tpm2loadcmd 'tpm2loadcmd' allocates a tempoary blob indirectly via 'tpm2keydecode' but it is not freed in the failure paths. Address this by wrapping the blob into with a cleanup helper...

UBUNTU-CVE-2025-71147

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix a memory leak in tpm2loadcmd 'tpm2loadcmd' allocates a tempoary blob indirectly via 'tpm2keydecode' but it is not freed in the failure paths. Address this by wrapping the blob into with a cleanup helper...

CVE-2025-71147

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix a memory leak in tpm2loadcmd 'tpm2loadcmd' allocates a tempoary blob indirectly via 'tpm2keydecode' but it is not freed in the failure paths. Address this by wrapping the blob into with a cleanup helper...

CVE-2026-0763

GPT Academic runinsubprocesswrapperfunc Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Authentication is not required to exploit this vulnerability. The specific...

CVE-2026-0763 GPT Academic run_in_subprocess_wrapper_func Deserialization of Untrusted Data Remote Code Execution Vulnerability

GPT Academic runinsubprocesswrapperfunc Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Authentication is not required to exploit this vulnerability. The specific...

GPT Academic Code Issues and Vulnerabilities

GPT Academic is an interface developed by binary-husky developers, designed to provide practical interactions for large language models like GPT/GLM. There are code vulnerabilities in GPT Academic; these vulnerabilities stem from the runinsubprocesswrapperfunc function, which lacks validation of...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001730)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001730 advisory. In efirtasmwrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation o...

MiracleLinux 4 : kdelibs-4.3.4-11.AXS4.4 (AXSA:2012-42:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-42:01 advisory. Libraries for the K Desktop Environment 4. Security issues fixed with this release: CVE-2011-3365 The KDE SSL Wrapper KSSL API in KDE SC 4.6.0 through 4.7.1, a...

Renovate vulnerable to arbitrary command injection via Gradle Wrapper and malicious `distributionUrl`

Summary Renovate can be tricked into executing shell code while updating the Gradle Wrapper. A malicious distributionUrl in gradle/wrapper/gradle-wrapper.properties can lead to command execution in the Renovate runtime. Details When Renovate handles Gradle Wrapper artifacts, it may run a wrapper...

Command Injection

Overview renovate is a dependency updater. Affected versions of this package are vulnerable to Command Injection via the distributionUrl parameter in the Gradle Wrapper update process. An attacker can execute arbitrary commands within the runtime environment by injecting shell command substitutio...

EUVD-2026-2098

Renovate vulnerable to arbitrary command injection via Gradle Wrapper and malicious distributionUrl...

GHSA-PFQ2-HH62-7M96 Renovate vulnerable to arbitrary command injection via Gradle Wrapper and malicious `distributionUrl`

Summary Renovate can be tricked into executing shell code while updating the Gradle Wrapper. A malicious distributionUrl in gradle/wrapper/gradle-wrapper.properties can lead to command execution in the Renovate runtime. Details When Renovate handles Gradle Wrapper artifacts, it may run a wrapper...

MiracleLinux 9 : php:8.2 (AXSA:2025-10480:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10480:01 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with...

MiracleLinux 9 : php-8.0.30-3.el9_6 (AXSA:2025-10450:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10450:05 advisory. php: Header parser of http stream wrapper does not handle folded headers CVE-2025-1217 php: Stream HTTP wrapper header check might omit basic auth...

MiracleLinux 9 : php:8.3 (AXSA:2025-10557:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10557:01 advisory. php: Header parser of http stream wrapper does not handle folded headers CVE-2025-1217 php: Stream HTTP wrapper header check might omit basic auth...

CVE-2021-0540

In halWrapperDataCallback of halwrapper.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android...

PT-2026-1993

Name of the Vulnerable Software and Affected Versions GPT Academic affected versions not specified Description A flaw exists in the run in subprocess wrapper func function that allows remote attackers to execute arbitrary code on affected systems. Authentication is not required for exploitation...

PT-2026-3413

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=474015854 Crash type: Use-of-uninitialized-value Crash state: processTLSBlock ndpi search dtls ndpi search tls wrapper...

GL.iNet AX1800 安全漏洞

The GL.iNet AX1800 is a wireless router from China's Guanglian Zhitong GL.iNet. A security vulnerability exists in the GL.iNet AX1800 version 4.6.4 and 4.6.8, which stems from a competing condition in the opkg wrapper script that could lead to elevated privileges...