485620 matches found
USN-8411-1 node-lodash vulnerabilities
It was discovered that Lodash was vulnerable to a prototype pollution issue in the zipObjectDeep function. An attacker could possibly use this issue to modify application behavior. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-8203 Liyuan Chen discovered that Lodash was...
firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort som...
firefox: thunderbird: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort som...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a remote code execution vulnerability (CVE-2026-9311, CVE-2026-9330)
Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a remote code execution. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and Versions|...
CVE-2026-9279
Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name e.g. git, pandoc, grep, the argument string is concatenated with the command and passed to childprocess.spawn with the shell: true option, allowing shell...
Exploit for Stack-based Buffer Overflow in Microsoft
CVE-2026-41089 !TIP If the setup does not start, add t...
CVE-2026-10520
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution...
CVE-2026-10520
Ivanti Sentry (formerly MobileIron Sentry) is affected by CVE-2026-10520, an OS Command Injection vulnerability that allows an unauthenticated remote attacker to execute arbitrary commands as root. The issue resides in the ConfigServiceController via the unauthenticated POST to /mics/api/v2/sentr...
Microsoft Word Remote Code Execution Vulnerability
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally...
Microsoft SharePoint Remote Code Execution Vulnerability
Improper limitation of a pathname to a restricted directory 'path traversal' in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
Nuance PowerScribe Remote Code Execution Vulnerability
Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network...
Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
Windows Hyper-V Remote Code Execution Vulnerability
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally...
HTTP.sys Remote Code Execution Vulnerability
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network...
Microsoft Outlook and Word Remote Code Execution Vulnerability
Access of resource using incompatible type 'type confusion' in Microsoft Office allows an unauthorized attacker to execute code locally...
Microsoft Excel Remote Code Execution Vulnerability
Integer underflow wrap or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
Azure Kubernetes Service (AKS) Remote Code Execution Vulnerability
Improper limitation of a pathname to a restricted directory 'path traversal' in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally...
Remote Desktop Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
Windows Kerberos Key Distribution Center (KDC) Remote Code Execution
Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network...
Windows Kernel Remote Code Execution Vulnerability
Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network...