CVE-2026-41373 OpenClaw < 2026.3.31 - Compiler Binary Substitution via Environment Variable Override in Host Execution Policy

OpenClaw before 2026.3.31 contains an incomplete host-env-security-policy.json that fails to restrict compiler binary environment variables, allowing untrusted models to substitute CC, CXX, CARGOBUILDRUSTC, and CMAKECCOMPILER via environment overrides. Attackers with approved host-exec requests c...

CVE-2026-41373

OpenClaw before 2026.3.31 contains an incomplete host-env-security-policy.json that fails to restrict compiler binary environment variables, allowing untrusted models to substitute CC, CXX, CARGOBUILDRUSTC, and CMAKECCOMPILER via environment overrides. Attackers with approved host-exec requests c...

CVE-2025-60889

Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecified impacts...

CVE-2026-7323

Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ES...

CVE-2026-5435

A flaw was found in glibc, the GNU C Library. Specifically, deprecated functions responsible for printing TSIG Transaction Signature records fail to properly manage memory buffers. This oversight can lead to an out-of-bounds write when processing specially crafted TSIG records. An attacker could...

CVE-2026-41526

A flaw was found in KDE KCoreAddons. The KShell::quoteArgs function, intended to safely quote arguments for shell commands, does not properly handle special characters. This vulnerability allows an attacker to inject control characters, such as \x01, leading to an escape from the shell...

LibRaw: LibRaw: Arbitrary code execution via heap-based buffer overflow in lossless JPEG loading

A flaw was found in LibRaw. A heap-based buffer overflow vulnerability exists in the losslessjpegloadraw functionality. A remote attacker can exploit this by providing a specially crafted malicious file. This can lead to arbitrary code execution, allowing the attacker to take control of the...

Important: Red Hat Security Advisory: LibRaw security update

An update for LibRaw is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVE-2026-7324 Memory safety bugs fixed in Thunderbird 150.0.1

Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1 and Thunderbird 150.0.1...

CVE-2026-7324

Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1 and Thunderbird 150.0.1...

CVE-2026-7324 Memory safety bugs fixed in Thunderbird 150.0.1

Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1 and Thunderbird 150.0.1...

EUVD-2026-26060

Memory safety bugs present in Firefox ESR 140.10.0, Thunderbird ESR 140.10.0, Firefox 150.0.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability w...

CVE-2026-7323

Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ES...

CVE-2026-7323

Memory safety bugs were reported in Firefox ESR 140.10.0, Thunderbird ESR 140.10.0, Firefox 150.0.0, and Thunderbird 150.0.0, with evidence of memory corruption and the possibility that exploiting these could have permitted arbitrary code execution. These issues have been fixed in Firefox 150.0.1...

CVE-2026-7323

Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ES...

EUVD-2026-26059

Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0, Thunderbird ESR 140.10.0, Firefox 150.0.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

CVE-2026-7322

Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ES...

CVE-2026-7322 Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1

Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ES...

CVE-2026-7322

Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ES...

CVE-2026-27760 OpenCATS PHP Code Injection via installer AJAX endpoint

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define string...