Funambol Zefiro Cloud 安全漏洞

Funambol Zefiro Cloud is a cloud platform provided by the US-based Funambol company, capable of integrating mobile data synchronization with cloud services. Version 32.0.2026011614 of Funambol Zefiro Cloud contains a security vulnerability. This vulnerability stems from an arbitrary file...

Zora 安全漏洞

Zora is a blockchain platform developed by Zora Company, designed for the issuance and trading of digital assets. Version 2.60.0 of Zora contains a security vulnerability. This vulnerability stems from an issue with arbitrary file overwriting during the file import process, which could lead to...

VulnCheck KEV: CVE-2026-3502

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code...

ROS-20260331-73-0001

A vulnerability in the Wheel file manipulation command line tool is related to an incorrect directory path name restriction. Exploitation of the vulnerability could allow an attacker to escalate privileges or execute arbitrary code...

CVE-2026-30290

CVE-2026-30290 concerns an arbitrary file overwrite vulnerability in InTouch Contacts & Caller ID APP v6.38.1. The issue allows an attacker to overwrite critical internal files through the file import process, which can lead to arbitrary code execution or information exposure. The connected sourc...

Unspecified Vulnerability in Mozilla Firefox and Mozilla Thunderbird

Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A security vulnerability exists in Mozilla Firefox and Mozilla Thunderbird, which...

lodash 安全漏洞

lodash is an open-source JavaScript utility library developed by Lodash Utilities. Lodash has a security vulnerability, which stems from insufficient validation of the options.imports key name. This vulnerability could allow for the execution of arbitrary code during template compilation...

KLA90963 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in CSS can be exploited to cause denial of service or execute...

Integer Overflow Vulnerability in Multiple Mozilla Products (CNVD-2026-19991)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. An integer overflow vulnerability exists in multiple Mozilla products,...

Memory Misreference Vulnerability in Multiple Mozilla Products (CNVD-2026-17913)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A memory misreference vulnerability exists in multiple Mozilla products, whi...

Memory Misreference Vulnerability in Multiple Mozilla Products (CNVD-2026-16999)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A memory misreference vulnerability exists in multiple Mozilla products,...

Multiple Mozilla Products Resource Management Error Vulnerability (CNVD-2026-16998)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A resource management error vulnerability exists in multiple Mozilla...

CVE-2026-30277

An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

ALSA-2026:6300 Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer:...

Linux kernel memory misreference vulnerability (CNVD-2026-16038)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from a mix-up in the instruction responsible for freeing memory. An attacker could explo...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Pillow vulnerabilities (USN-8135-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8135-1 advisory. It was discovered that Pillow did not correctly handle reading J2K files, which could lead to an out-of- bounds read vulnerabilit...

ALSA-2026:6259 Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer:...

Foxit Reader List Box Calculate Array Use-After-Free Vulnerability

Talos Vulnerability Report TALOS-2026-2365 Foxit Reader List Box Calculate Array Use-After-Free Vulnerability March 31, 2026 CVE Number CVE-2026-3779 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader handles an Array object. A specially crafted JavaScript code inside a malicio...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : GStreamer Base Plugins vulnerability (USN-8130-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8130-1 advisory. It was discovered that GStreamer Base Plugins incorrectly handled certain AVI media files. A remote attacker could use this issue to cause...

RHEL 10 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free (RHSA-2026:6259)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6259 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package...