Important: Red Hat Security Advisory: OpenEXR security update

An update for OpenEXR is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili...

libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations,...

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

[SECURITY] [DLA 4555-1] firefox-esr security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4555-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 30, 2026 https://wiki.debian.org/LTS -...

EUVD-2026-26350

The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to...

GHSA-QP2C-XQV6-PHH6 django-mdeditor is Missing Authentication for Critical Function

All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file...

django-mdeditor is Missing Authentication for Critical Function

All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file...

CVE-2025-13030

All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file...

CVE-2025-13030

CVE-2025-13030 affects the django-mdeditor package. All versions are vulnerable to Missing Authentication for Critical Function in the image upload endpoint, allowing an attacker to upload malicious files and achieve arbitrary code execution due to lack of authentication and improper sanitisation...

EUVD-2025-209593

All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file...

CVE-2025-13030

All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file...

SUSE CVE-2026-7324

Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1 and Thunderbird 150.0.1...

CVE-2026-38940

Cross Site Scripting vulnerability in RafyMrX TOKO-ONLINE-ROTI v.1.0 allows a remote attacker to execute arbitrary code via the detailproduk.php component...

PT-2026-36039

Name of the Vulnerable Software and Affected Versions django-mdeditor affected versions not specified Description The image upload endpoint lacks authentication protection and proper sanitization of file names. This allows an attacker to upload malicious files and achieve arbitrary code execution...

CVE-2026-36340

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

ALSA-2026:12271 Important: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 For more details about the security issues,...

AlmaLinux 9 : LibRaw (ALSA-2026:11360)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:11360 advisory. LibRaw: LibRaw: Arbitrary code execution via a specially crafted malicious file CVE-2026-24450 LibRaw: LibRaw: Arbitrary code execution via heap-based...

RHEL 8 : freerdp (RHSA-2026:12359)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:12359 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...

Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3271 (ALAS-2026-3271)

The version of thunderbird installed on the remote host is prior to 140.9.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3271 advisory. Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 an...

AlmaLinux 9 : python3.12 (ALSA-2026:10745)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:10745 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...