Lucene search
K

206159 matches found

Mozilla
Mozilla
added 2026/04/07 12:0 a.m.9 views

Security Vulnerabilities fixed in Thunderbird 149.0.2 — Mozilla

Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

9.8CVSS6AI score0.0035EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.2 views

PT-2026-30825

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 149.0.2 Firefox ESR versions prior to 140.9.1 Thunderbird versions prior to 149.0.2 Thunderbird ESR versions prior to 140.9.1 Description Memory safety bugs are present in Firefox and Thunderbird, potentially leading ...

10CVSS6.2AI score0.00329EPSS
Exploits0References125
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.4 views

PT-2026-30822

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 149.0.2 Firefox ESR versions prior to 115.34.1 and 140.9.1 Thunderbird versions prior to 149.0.2 and 140.9.1 Description Memory safety bugs are present in Firefox and Thunderbird, with some showing evidence of memory...

10CVSS5.9AI score0.0035EPSS
Exploits0References126
OSV
OSV
added 2026/04/07 12:0 a.m.7 views

ALSA-2026:6915 Important: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin CVE-2026-28417 vim: Vim: Denial of service and information disclosure via crafted swap file CVE-2026-28421 vim: Vim: Arbitrary code...

7.8CVSS6.2AI score0.01162EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.4 views

PT-2026-31058

Name of the Vulnerable Software and Affected Versions SWIG affected versions not specified Description SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass. Recommendations At the moment, there...

10CVSS6.3AI score0.00781EPSS
Exploits1References242
NVD
NVD
added 2026/04/06 8:16 p.m.5 views

CVE-2026-35197

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1...

9.8CVSS0.00291EPSS
Exploits1References2
NVD
NVD
added 2026/04/06 8:16 p.m.8 views

CVE-2026-35020

Rejected reason: This CVE ID has been rejected by the its CVE Numbering Authority CNA. It was determined that the attack requires an attacker to already control arbitrary environment variables, a level of access they consider functionally equivalent to code execution and outside the threat model ...

0.00114EPSS
Exploits0
EUVD
EUVD
added 2026/04/06 7:39 p.m.3 views

EUVD-2026-19471

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1...

6.6CVSS6.1AI score0.00291EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/06 7:39 p.m.16 views

CVE-2026-35197 Code injection in dye template expressions

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1...

6.6CVSS0.00291EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/06 7:39 p.m.2 views

CVE-2026-35197

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1...

6.6CVSS6.1AI score0.00291EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/06 7:39 p.m.4 views

CVE-2026-35197 Code injection in dye template expressions

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1...

6.6CVSS6.1AI score0.00291EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/04/06 6:44 p.m.4 views

freerdp: FreeRDP: Arbitrary code execution via heap buffer overflow in GDI surface pipeline

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap buffer overflow vulnerability by sending a specially crafted graphics command to a FreeRDP client. This allows the server to write data outside of its intended memory...

8.8CVSS6.7AI score0.00537EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/04/06 6:44 p.m.4 views

freerdp: FreeRDP: Arbitrary code execution via heap out-of-bounds write in RLE planar decode path

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap out-of-bounds write vulnerability in the planardecompressplanerle function. This vulnerability allows the server to write past the end of a temporary buffer, potentiall...

8.8CVSS6.5AI score0.00591EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/04/06 6:44 p.m.4 views

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8.8CVSS6.6AI score0.00591EPSS
Exploits2References3
OSV
OSV
added 2026/04/06 5:49 p.m.4 views

GO-2026-4920 KubeAI: OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods in github.com/kubeai-project/kubeai

KubeAI: OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods in github.com/kubeai-project/kubeai...

8.8CVSS6.2AI score0.00448EPSS
Exploits3References1
Cvelist
Cvelist
added 2026/04/06 5:45 p.m.19 views

CVE-2026-35171 Arbitrary Code Execution via Malicious Logging Configuration in Kedro

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path to be set via the KEDROLOGGINGCONFIG environment variable and loads it without validation. The logging configuration schema supports the special key, which enables arbitrary...

9.8CVSS0.00714EPSS
Exploits0References1
OSV
OSV
added 2026/04/06 4:16 p.m.5 views

DEBIAN-CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

10CVSS5.8AI score0.00613EPSS
Exploits1References1
NVD
NVD
added 2026/04/06 4:16 p.m.2 views

CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

10CVSS0.00613EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/04/06 4:16 p.m.0 views

CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

10CVSS6AI score0.00613EPSS
Exploits1References2
OSV
OSV
added 2026/04/06 4:16 p.m.6 views

UBUNTU-CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

10CVSS6AI score0.00613EPSS
Exploits1References3
Rows per page
Query Builder