HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection

A flaw was found in the HP Linux Imaging and Printing Software HPLIP. This vulnerability may allow a local attacker to achieve escalation of privileges and/or arbitrary code execution through operating system command injection. This could lead to an attacker gaining unauthorized control over the...

Important: Red Hat Security Advisory: hplip security update

An update for hplip is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVE-2024-22447

CVE-2024-22447 affects Dell Peripheral Manager prior to 1.7.3. The vulnerability is an uncontrolled search path element that could allow preloading a malicious DLL to achieve arbitrary code execution. Affected product: Dell Peripheral Manager. Root cause: uncontrolled search path element in the a...

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

CVE-2026-12326

Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVE-2026-12327

Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...

firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write

A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...

firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

CVE-2026-12328

Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

CVE-2026-41731

A flaw was found in the spring-kafka component. A remote attacker, by supplying crafted header values, could exploit a vulnerability in JsonKafkaHeaderMapper and DefaultKafkaHeaderMapper that incorrectly matched type headers against trusted packages. This issue, combined with Jackson's default be...

Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations

A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...

Adobe ColdFusion - Pre-Auth Remote Code Execution

Adobe ColdFusion versions 2018u16 and earlier, 2021u6 and earlier and 2023.0.0.330468 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. id: CVE-2023-29300 info:...

Adobe ColdFusion - Unrestricted File Upload Remote Code Execution

Adobe ColdFusion versions July 12 release 2018.0.0.310739, Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. id: CVE-2018-15961 info: name: Adobe ColdFusion - Unrestricted File Upload...

XWiki < 4.10.20 - Remote code execution

XWiki is vulnerable to a remote code execution RCE attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user...

Atlassian Bitbucket - Remote Command Injection

Atlassian Bitbucket Server and Data Center is susceptible to remote command injection. Multiple API endpoints can allow an attacker with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request, thus making it possible to obtain...

Confluence Server - Remote Code Execution

Confluence Server and Data Center contain an OGNL injection vulnerability that could allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version...

Adobe ColdFusion - Deserialization of Untrusted Data

Adobe ColdFusion versions 2018u17 and earlier, 2021u7 and earlier and 2023u1 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. id: CVE-2023-38203 info: name:...

CVE-2026-47131

A flaw was found in vm2, an open-source virtual machine VM sandbox for Node.js. A remote attacker can exploit this vulnerability by combining specific Buffer function calls and Node.js's ERRINVALIDARGTYPE error. This allows the attacker to obtain the host's TypeError constructor, leading to an...

CVE-2026-47137

A flaw was found in vm2, an open-source virtual machine VM sandbox for Node.js. A remote attacker could bypass a security check designed to prevent the combination of nested environments and disabled module loading. This bypass occurs because a strict equality check for the require option can be...