CVE-2026-1839

CVE-2026-1839 concerns the HuggingFace Transformers library, affecting the Trainer class. The root cause is an unsafe load in src/transformers/trainer.py: _load_rng_state() calls torch.load() without weights_only=True, which can allow arbitrary code execution when loading a malicious checkpoint (...

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

vim: Vim: Arbitrary code execution via command injection in glob() function

A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings...

freerdp security update

An update is available for freerdp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released...

RLSA-2026:6005 Important: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: FreeRDP: Arbitrary code execution via heap out-of-bounds write ...

NI LabVIEW 安全漏洞

NI LabVIEW is a graphical programming platform developed by National Instruments. Versions of NI LabVIEW prior to 2026 Q1 26.1.0 contained security vulnerabilities. These vulnerabilities stemmed from out-of-bound writing during the loading of corrupted LVCLASS files, which could lead to memory...

Mozilla -- Memory safety bugs

https://bugzilla.mozilla.org/buglist.cgi?bugid=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505 reports: Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence o...

RHEL 10 : freerdp (RHSA-2026:6799)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6799 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...

RockyLinux 9 : freerdp (RLSA-2026:6340)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:6340 advisory. freerdp: FreeRDP heap-use-after-free CVE-2026-22856 freerdp: FreeRDP heap-buffer-overflow CVE-2026-22854 freerdp: FreeRDP heap-buffer-overflow...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.55 contained a resource management vulnerability. This vulnerability stemmed from WebRTC’s ability to reuse resources after they are released, potentially allowing arbitrary code to be executed...

Mozilla多款产品 缓冲区错误漏洞

Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...

KLA90969 Multiple vulnerabilities in Mozilla Thunderbird ESR

Multiple vulnerabilities were found in Mozilla Thunderbird ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Memory safety vulnerability can be exploited to execute arbitrary code. 2. Incorrec...

RHEL 8 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good (RHSA-2026:6750)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6750 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package...

Security Vulnerabilities fixed in Firefox 149.0.2 — Mozilla

Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

Security Vulnerabilities fixed in Thunderbird 149.0.2 — Mozilla

Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

PT-2026-30826

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 149.0.2 Thunderbird versions prior to 149.0.2 Description Memory safety bugs exist in Firefox 149.0.1 and Thunderbird 149.0.1. These bugs demonstrate evidence of memory corruption, and it is presumed that, with...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 147.0.7727.55 contained a security vulnerability caused by improper implementation of the V8 engine. This vulnerability could allow arbitrary code to be executed within a sandbox through...

Semtech LR11xx LoRa 安全漏洞

Semtech LR11xx LoRa is a series of low-power wireless communication chips developed by the American company Semtech. There are security vulnerabilities in Semtech LR11xx LoRa. These vulnerabilities stem from improper access control in earlier firmware versions, which may allow attackers with...

Mozilla Firefox和Mozilla Thunderbird 安全漏洞

Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A buffer overflow vulnerability exists in Mozilla Firefox and Mozilla Thunderbird...

KLA90972 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Incorrect boundary conditions vulnerability in the Graphics can be exploited to cause denia...