CVE-2026-4729

Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149 and Thunderbird 149...

CVE-2026-4729 Memory safety bugs fixed in Firefox 149 and Thunderbird 149

Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149 and Thunderbird 149...

CVE-2019-25637 X-NetStat Pro 5.63 Local Buffer Overflow via EggHunter

X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Attackers can inject shellcode into memory and use an egg hunter technique to locate and execute the payload...

CVE-2019-25634

The vulnerability CVE-2019-25634 affects Base64 Decoder 1.1.2. It is a stack-based buffer overflow in the decoder that enables local code execution when an SEH chain is overwritten via crafted input. An egghunter payload can locate and execute shellcode after overflowing a buffer and placing a PO...

CVE-2019-25629

AIDA64 Extreme 5.99.4900 is affected by a structured exception handler (SEH) buffer overflow in the logging functionality. The vulnerability allows local code execution by supplying a malicious CSV log file path; an attacker can inject shellcode via the Hardware Monitoring logging preferences, tr...

vim: Vim: Arbitrary code execution via 'helpfile' option processing

A flaw was found in Vim, an open source, command line text editor. This heap buffer overflow vulnerability exists in the tag file resolution logic when processing the 'helpfile' option. A local user could exploit this by providing a specially crafted 'helpfile' option value, leading to a heap...

Moderate: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

CVE-2026-4739

A flaw was found in InsightSoftwareConsortium ITK, specifically within its Expat modules. This integer overflow or wraparound vulnerability can be exploited by a remote attacker without requiring authentication. Successful exploitation could lead to arbitrary code execution, allowing the attacker...

CVE-2026-32942

A flaw was found in PJSIP, a multimedia communication library. A remote attacker could exploit a heap use-after-free vulnerability in the Interactive Connectivity Establishment ICE session. This occurs due to race conditions between session destruction and callbacks, potentially allowing for...

Malicious code in @the-coca-cola-company/ngps-global-common-utils (npm)

Malicious post-install script combined with low project popularity indicates potential malware. Arbitrary code execution is a major concern. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ebe31c5bb51c354ed83627a02c11ca4c8541e042623b1b987255941ffafdaff The...

MAL-2026-2410 Malicious code in @the-coca-cola-company/ngps-global-common-utils (npm)

Malicious post-install script combined with low project popularity indicates potential malware. Arbitrary code execution is a major concern. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ebe31c5bb51c354ed83627a02c11ca4c8541e042623b1b987255941ffafdaff The...

CVE-2025-41660

The CVE-2025-41660 entry concerns CODESYS Control runtime system. According to sources, a low-privileged remote attacker may replace the boot application, enabling unauthorized code execution on the target. This is characterized as a network-accessible issue with low attack complexity and privile...

CVE-2026-4745 Arbitrary Code Execution via Crafted Bytecode in dendibakh/perf-ninja

Improper Control of Generation of Code 'Code Injection' vulnerability in dendibakh perf-ninja labs/misc/pgo/lua modules. This vulnerability is associated with program files ldo.C. This issue affects perf-ninja...

CVE-2026-4745 Arbitrary Code Execution via Crafted Bytecode in dendibakh/perf-ninja

Improper Control of Generation of Code 'Code Injection' vulnerability in dendibakh perf-ninja labs/misc/pgo/lua modules. This vulnerability is associated with program files ldo.C. This issue affects perf-ninja...

CVE-2026-4745

CVE-2026-4745 is an Arbitrary Code Execution in dendibakh perf-ninja (labs/misc/pgo/lua modules) linked to the vulnerable program file ldo.C. The issue arises from improper generation of code (Code Injection) in perf-ninja, affecting the Lua-related components. The CVSS 4.0 base score is 10.0 (CR...

CVE-2026-4744 Notepad3 Bundled Oniguruma compile_string_node() Heap Buffer Overflow via Crafted Regex Pattern Allows Arbitrary Code Execution

Out-of-bounds Read vulnerability in rizonesoft Notepad3 ‎scintilla/oniguruma/src modules. This vulnerability is associated with program files regcomp.C‎. This issue affects Notepad3: before 6.25.714.1...

FlexHEX 代码问题漏洞

FlexHEX is an open-source hexadecimal data editor developed by FlexHEX. Version 2.71 of FlexHEX contains a code vulnerability caused by a local buffer overflow in the Stream Name field. This vulnerability could allow local attackers to execute arbitrary code by triggering the structured exception...

Vikunja 代码注入漏洞

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja from 0.21.0 to 2.2.0 contained a code injection vulnerability. This vulnerability occurred because the Vikunja Desktop Electron wrapper enabled nodeIntegration in the main BrowserWindow without any...

KLA90958 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, bypass security restrictions, cause denial of service, execute arbitrary code, spoof user interface. Below is a complete list of...

KLA90955 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, bypass security restrictions, cause denial of service, execute arbitrary code, spoof user interface. Below is a complete list of...