CVE-2026-2781

CVE-2026-2781 is an integer overflow in the AES-GCM implementation of the Mozilla Network Security Service libraries (NSS) affecting Firefox/Thunderbird suites. Connected advisories confirm the NSS overflow can lead to memory safety concerns, with fixes delivered in Firefox 148 and corresponding ...

CVE-2026-2781 Integer overflow in the Libraries component in NSS

Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, Thunderbird 140.8, and Firefox ESR 115.35...

CVE-2026-2781

Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, Thunderbird 140.8, and Firefox ESR 115.35...

CVE-2026-2781 Integer overflow in the Libraries component in NSS

Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, Thunderbird 140.8, and Firefox ESR 115.35...

EUVD-2026-8502

Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox 148 and Firefox ESR 140.8...

CVE-2026-2781

Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, Thunderbird 140.8, and Firefox ESR 115.35...

Mozilla -- Integer overflow

https://bugzilla.mozilla.org/showbug.cgi?id=2009552 reports: Integer overflow in the Libraries component in NSS...

[SECURITY] Fedora 43 Update: python3.13-3.13.12-1.fc43

Python 3.13 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.13 package provides the "python3.13" executable:...

CVE-2026-26050

The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

Installer for Job log aggregation/analysis software RICOH Job Log Aggregation Tool may insecurely load Dynamic Link Libraries

Overview The installer for Job log aggregation/analysis software RICOH Job Log Aggregation Tool contains the following vulnerability related to the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-26050 Kazuma...

PDF-XChange Editor 代码问题漏洞

PDF-XChange Editor is a PDF file viewing software developed by PDF-XChange Company, which runs on Microsoft Windows systems. PDF-XChange Editor has a code vulnerability that stems from the TrackerUpdate process loading libraries from an insecure location, which may lead to local privilege...

CVE-2026-22208

OpenS100 the reference implementation S-100 viewer prior to commit 753cf29 contains a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaLopenlibs without sandboxing or capability restrictions, exposing standard libraries such as...

CVE-2026-22208

OpenS100 the reference implementation S-100 viewer prior to commit 753cf29 contains a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaLopenlibs without sandboxing or capability restrictions, exposing standard libraries such as...

CVE-2026-22208

OpenS100 (reference S-100 viewer) before commit 753cf29 is vulnerable to remote code execution via an unrestricted Lua interpreter. The Portrayal Engine calls luaL_openlibs() without sandboxing, exposing standard libraries such as os and io to untrusted portrayal catalogues. An attacker can suppl...

CVE-2026-22208 OpenS100 Portrayal Engine Unrestricted Lua Standard Library Access

OpenS100 the reference implementation S-100 viewer prior to commit 753cf29 contains a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaLopenlibs without sandboxing or capability restrictions, exposing standard libraries such as...

CVE-2026-22208 OpenS100 Portrayal Engine Unrestricted Lua Standard Library Access

OpenS100 the reference implementation S-100 viewer prior to commit 753cf29 contains a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaLopenlibs without sandboxing or capability restrictions, exposing standard libraries such as...

PT-2026-20300

Name of the Vulnerable Software and Affected Versions OpenS100 versions prior to commit 753cf29 Description The software contains a remote code execution issue due to an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL openlibs without sandboxing or capability...

CVE-2025-70956

A State Pollution vulnerability was discovered in the TON Virtual Machine TVM before v2025.04. The issue exists in the RUNVM instruction logic VmState::runchildvm, which is responsible for initializing child virtual machines. The operation moves critical resources specifically libraries and log...

CVE-2026-25676

The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrator privileges...

CVE-2025-70956

Summary of CVE-2025-70956 (TON TVM) : A State Pollution vulnerability exists in TON’s Virtual Machine (TVM) prior to v2025.04, in RUNVM’s VmState::run_child_vm. The code moves critical resources (libraries and logs) from the parent to a new child VM in a non-atomic fashion. If an Out-of-Gas (OOG)...