SUSE CVE-2026-4721

Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

CVE-2026-4729

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

CVE-2026-26306

The installer for OM Workspace Windows Edition Ver 2.4 and earlier insecurely loads Dynamic Link Libraries DLLs, which could allow an attacker to execute arbitrary code with the privileges of the user invoking the installer...

CVE-2026-33253

SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

kernel: Linux kernel: RDMA/rxe use-after-free vulnerability leading to potential arbitrary code execution

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA subsystem, specifically within the rxe component. This use-after-free vulnerability occurs in the rxecreatecq function. When the rxecqfrominit function fails, the subsequent call to rxecleanup attempts to free memory resource...

kernel: Linux kernel: Use-after-free vulnerability in page_pool_recycle_in_ring can lead to arbitrary code execution

A flaw was found in the Linux kernel. This vulnerability, known as a use-after-free UAF, occurs in the pagepoolrecycleinring function. A local attacker could exploit this by manipulating the system's memory management, causing a freed memory region to be improperly accessed. This can lead to syst...

Linux Distros Unpatched Vulnerability : CVE-2025-67030

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus- utils before 6d780b3378829318ba5c2d29547e0012d5b29642...

PT-2026-27639

SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

CVE-2025-67030

Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code...

CVE-2025-67030

Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code...

SANYO DENKI SANUPS SOFTWARE 代码问题漏洞

SANYO DENKI SANUPS SOFTWARE is a software developed by SANYO DENKI Corporation in Japan. It is used for monitoring UPS devices, managing their operation, and analyzing power supply status. SANYO DENKI SANUPS SOFTWARE has code vulnerabilities; these vulnerabilities stem from the Windows service fi...

PT-2026-28076

Name of the Vulnerable Software and Affected Versions plexus-utils versions prior to 6d780b3378829318ba5c2d29547e0012d5b29642 Description A directory traversal issue exists in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils. This allows an attacker to execute arbitrary...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from a mix-up in the instruction responsible for freeing memory. An attacker could explo...

Plexus-utils 安全漏洞

Plexus-utils is a general-purpose utility developed by Plexus Open Source. This program is primarily used to simplify the handling of strings, files, command lines, XML, etc. A security vulnerability existed in Plexus-utils 6d780b3378829318ba5c2d29547e0012d5b29642 and earlier versions. This...

CVE-2025-67030

CVE-2025-67030 is a Directory Traversal/vulnerability in the Plexus Utils library (Expand.extractFile) that can lead to code execution. It affects plexus-utils versions prior to the patch 6d780b3378829318ba5c2d29547e0012d5b29642, with CVSS v3.1 base score 8.8 (HIGH). The connected vendor advisori...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : GVfs vulnerabilities (USN-8114-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8114-1 advisory. It was discovered that the GVfs FTP backend incorrectly handled IP addresses and ports returned by passive mode responses. A maliciou...

Deserialization of Untrusted Data

Overview megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the checkpoint loading process. An attacker can execute arbitrary code, escalate...

CVE-2026-33412

A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings...

CVE-2026-1995

IDrive’s idservice.exe process runs with elevated privileges and regularly reads from several files under the C:\ProgramData\IDrive\ directory. The UTF16-LE encoded contents of these files are used as arguments for starting a process, but they can be edited by any standard user logged into the...

CVE-2026-32948 sbt: Source dependency feature (via crafted VCS URL) leads to arbitrary code execution on Windows

sbt is a build tool for Scala, Java, and others. From version 0.9.5 to before version 1.12.7, on Windows, sbt uses Process"cmd", "/c", ... to run VCS commands git, hg, svn. The URI fragment branch, tag, revision is user-controlled via the build definition and passed to these commands without...