CVE-2025-14857

An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical SPI interface fails to enforce write protection on the program call stack. An attacker with physical access to the SPI...

CVE-2026-32864 Out-of-Bounds Read in mgcore_SH_25_3!aligned_free()

There is a memory corruption vulnerability due to an out-of-bounds read in mgcoreSH253!alignedfree in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file...

CVE-2026-32863

There is a memory corruption vulnerability due to an out-of-bounds read in sentrytransactioncontextsetoperation in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafte...

CVE-2026-32860 Out-of-Bounds Write Vulnerability in NI LabVIEW when loading lvlib file

There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVLIB file in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...

CVE-2026-32860

The CVE-2026-32860 entry documents a memory corruption vulnerability in NI LabVIEW caused by an out-of-bounds write when loading a corrupted LVLIB file. The flaw may lead to information disclosure or arbitrary code execution. Successful exploitation requires a user to open a specially crafted .lv...

USN-8089-3: ADSys, Juju Core, LXD vulnerabilities

USN-8089-1 fixed vulnerabilities in Go Networking. This update provides the corresponding update to code vendored in LXD, ADSys, and Juju Core. Original advisory details: Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher, and Kaan Onarlioglu discovered that servers using Go...

EUVD-2026-19753

NVIDIA DALI contains a vulnerability where an attacker could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to arbitrary code execution...

CVE-2026-24156

NVIDIA DALI contains a vulnerability where an attacker could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to arbitrary code execution...

Deserialization of Untrusted Data

Overview nvidia-dali-cuda120 is a NVIDIA DALI for CUDA 12.0. Git SHA: a807a5a11d234580f6857bc4b3206ab8d7080f27 Affected versions of this package are vulnerable to Deserialization of Untrusted Data. An attacker can execute arbitrary code by providing specially crafted data to be deserialized...

CVE-2026-24156

NVIDIA DALI (NVIDIA’s data loading library) is affected by CVE-2026-24156: a vulnerability that could allow deserialization of untrusted data, potentially enabling arbitrary code execution. The issue is tied to DALI before version 2.0; NVIDIA’s security bulletin states update to 2.0 or later to a...

CVE-2026-24156

NVIDIA DALI contains a vulnerability where an attacker could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to arbitrary code execution...

CVE-2026-24156

NVIDIA DALI contains a vulnerability where an attacker could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to arbitrary code execution...

capstone: Capstone: Heap buffer overflow via skipdata callback allows denial of service or arbitrary code execution.

A flaw was found in Capstone, a disassembly framework. A local attacker could exploit a heap buffer overflow vulnerability by providing a specially crafted skipdata callback. This flaw occurs because the skipdata length is not properly bounds-checked, which may allow an attacker to write beyond...

EUVD-2026-19346

Lupa has a Sandbox escape and RCE due to incomplete attributefilter enforcement in getattr / setattr...

Arbitrary Code Injection

Overview lupa is a Python wrapper around Lua and LuaJIT Affected versions of this package are vulnerable to Arbitrary Code Injection incomplete enforcement of the attributefilter in the getattr and setattr built-in functions. An attacker can execute arbitrary commands in the host environment by...

EUVD-2026-19610

Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

EUVD-2026-19614

Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability...

DEBIAN-CVE-2026-5731

Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

CVE-2026-5734

Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was...

UBUNTU-CVE-2026-5731

Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...