MiracleLinux 8 : LibRaw-0.19.5-6.el8_10 (AXSA:2026-557:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-557:02 advisory. LibRaw: LibRaw: Memory Corruption via Malicious File Processing CVE-2026-24660 LibRaw: LibRaw: Arbitrary code execution via heap-based buffer overflo...

LuaJIT 2.1.1774638290 - Arbitrary Code Execution

-- Exploit Title: LuaJIT 2.1.1774638290 - Arbitrary Code Execution -- Date: 2026-03-29 -- Exploit Author: TaurusOmar -- Vendor Homepage: https://luajit.org/ -- Software Link: https://luajit.org/download.html -- Version: LuaJIT 2.1.1774638290 latest -- Tested on: Linux x86-64 Arch Linux --...

Mozilla Firefox ESR < 140.10.2

The version of Firefox ESR installed on the remote Windows host is prior to 140.10.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-41 advisory. - Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bug...

Mozilla Firefox ESR < 115.35.2

The version of Firefox ESR installed on the remote Windows host is prior to 115.35.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-42 advisory. - Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bug...

Mozilla Firefox < 150.0.2

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 150.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-40 advisory. - Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and...

JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content

JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all click events on document.body and executes the named command without checking whether the element came from trusted JupyterLab UI. A notebook with ...

EUVD-2026-28055

Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Medium...

CSV Injection

Overview Affected versions of this package are vulnerable to CSV Injection via the export function. An attacker can execute arbitrary spreadsheet formulas in the context of an administrator's local machine by injecting formula payloads into profile fields, which are then exported and opened in...

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

CVE-2026-7976

Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Medium...

CVE-2026-7906

Use after free in SVG in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-43126

A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA Open Sound System OSS mixer component. This vulnerability arises when pending calls to kernel control operations are not properly handled during device disconnection, leading to potential Use-After-Free UAF scenarios. A...

CVE-2026-43121

A flaw was found in the iouring/zcrx component of the Linux kernel. This vulnerability involves a race condition where two operations can manipulate the same memory counter simultaneously without proper synchronization. This can lead to a memory object being freed twice, followed by an...

thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and w...

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

BIT-JAVA-MIN-2024-47606 GHSL-2024-166: GStreamer Integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemuxparsetheoraextension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended...

BIT-JAVA-2024-47606 GHSL-2024-166: GStreamer Integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemuxparsetheoraextension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended...

BIT-JAVA-MIN-2023-42950

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution...

BIT-JAVA-MIN-2023-42917

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against...

BIT-JAVA-2023-42950

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution...