CVE-2026-49187 Hard-coded APK Resource Credentials & Scepters

The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...

CVE-2026-41431 Zen Browser MAR updater ships with signature verification removed — unsigned updates accepted

Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...

Ruby on Rails local names command execution

Added: 07/29/2020 CVE: CVE-2020-8163 Background Ruby on Rails is a web application framework written in Ruby. Problem Rails applications that allow users to control the names of local variable are affected by a vulnerability that could allow a remote attacker to execute arbitrary commands...

Sun JDK/JRE: Multiple vulnerabilities

Background The Sun Java Development Kit JDK and the Sun Java Runtime Environment JRE provide the Sun Java platform. Description Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun JRE possibly related to various AWT or font layout functions. Tom Hawtin has discovered an...