Security Vulnerabilities fixed in Thunderbird 140.8 — Mozilla

Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in...

Mozilla多款产品 输入验证错误漏洞

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. An integer overflow vulnerability exists in multiple Mozilla products,...

SolarWinds Serv-U 安全漏洞

SolarWinds Serv-U is an FTP File Transfer Protocol server software developed by the American company SolarWinds. SolarWinds Serv-U has a security vulnerability that stems from access control violations, which may lead to the creation of system administrator users and the execution of arbitrary co...

USN-8057-1: GIMP vulnerabilities

Hanno Böck discovered that GIMP allocated FLI images using only the information present in the file header, which allowed for a maliciously- crafted file to cause out-of-bounds writes. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue onl...

USN-8057-1 gimp vulnerabilities

Hanno Böck discovered that GIMP allocated FLI images using only the information present in the file header, which allowed for a maliciously- crafted file to cause out-of-bounds writes. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue onl...

CVE-2026-21420

Dell Repository Manager (DRM) v3.4.7 and earlier is affected by an Uncontrolled Search Path Element, enabling a local, low-privilege attacker to potentially execute arbitrary code and escalate privileges. Root cause is improper handling of search paths in DRM prior to 3.4.8. Impact includes high ...

USN-8056-1 u-boot vulnerabilities

Simon Diepold discovered that U-Boot incorrectly handled certain DHCP responses. An attacker on the local network could possibly use this issue to obtain sensitive memory contents. CVE-2024-42040 It was discovered that U-Boot incorrectly handled symlink size calculations in squashfs file systems...

USN-8054-1 djvulibre vulnerabilities

It was discovered that DjVuLibre could be forced to execute a division by zero in certain instances. A remote attacker could possibly use this issue to cause applications to stop responding or crash, resulting in a denial of service. CVE-2021-46312 It was discovered that DjVuLibre incorrectly...

CVE-2026-25747

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...

CVE-2026-25747

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...

CVE-2026-25747 Apache Camel LevelDB: Deserialization of Untrusted Data in Camel LevelDB

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...

CVE-2026-2998

ERP developed by eAI Technologies has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a crafted DLL file in the same directory as the program, thereby executing arbitrary code...

CVE-2026-2998

ERP developed by eAI Technologies has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a crafted DLL file in the same directory as the program, thereby executing arbitrary code...

CVE-2026-2998 eAI Technologies｜ERP - DLL Hijacking

ERP developed by eAI Technologies has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a crafted DLL file in the same directory as the program, thereby executing arbitrary code...

Moderate: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

freerdp: FreeRDP: Arbitrary code execution and denial of service via malicious server

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can exploit a use-after-free vulnerability by enticing a client to connect to it. This can lead to a client-side crash, resulting in a Denial of Service DoS, and potentially allow for arbitrary...

freerdp: FreeRDP: Denial of Service and potential code execution via client-side heap buffer overflow

A flaw was found in FreeRDP. A malicious server can exploit a client-side heap buffer overflow vulnerability in the gdiSurfaceToSurface path. This vulnerability, caused by a mismatch in memory handling, can lead to a crash Denial of Service of the client application. Furthermore, it carries a ris...

PT-2026-21517

Name of the Vulnerable Software and Affected Versions Dell Repository Manager versions prior to 3.4.8 Description Dell Repository Manager DRM has an issue related to an uncontrolled search path element. A local attacker with limited privileges could potentially exploit this, leading to arbitrary...

Apache Camel 安全漏洞

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern, and routing and mediation rules are configured through...

eAI ERP 代码问题漏洞

eAI ERP is an enterprise resource management software developed by eAI Corporation. eAI ERP has code vulnerabilities, which stem from DLL hijacking. These vulnerabilities may allow authenticated local attackers to execute arbitrary code...