firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume th...

ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.

A flaw was found in ncurses. This vulnerability, a buffer overflow, exists within the analyzestring function. An attacker could potentially exploit this to execute unauthorized code on the affected system, which might lead to a denial of service in the affected application, the corruption of data...

Moderate: Red Hat Security Advisory: ncurses security update

An update for ncurses is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVE-2026-32680

The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can alter contents of that folder. It may allow a...

CVE-2026-32680

The issue concerns RATOC RAID Monitoring Manager for Windows. If users customize the installer’s target folder, that folder may retain insecure ACLs, allowing non-administrative users to alter its contents. This can enable a non-administrative user to execute arbitrary code with SYSTEM privileges...

CVE-2026-28760

The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL with the installer, an arbitrary code may be executed with the administrator privilege...

CVE-2026-28760

The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL with the installer, an arbitrary code may be executed with the administrator privilege...

CVE-2026-33201

Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges...

PT-2026-28222

The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can alter contents of that folder. It may allow a...

CVE-2026-30457

An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code...

CVE-2026-30457

An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code...

PT-2026-28284

Name of the Vulnerable Software and Affected Versions Small HTTP Server version 3.06.36 Description The issue involves an unquoted service path in Small HTTP Server. Specifically, the vulnerability affects the executable located at 'C:Program Files x86shttps mghttp.exe service'. This...

PT-2026-28398

Name of the Vulnerable Software and Affected Versions FuelCMS version 1.5.2 Description An issue exists in the /parser/dwoo component that allows attackers to execute arbitrary code through crafted PHP code. The affected component is susceptible to code execution when processing specially designe...

Unspecified Vulnerability in Google Chrome (CNVD-2026-15407)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security vulnerability that is due to an object lifecycle issue in PowerVR. An attacker can exploit the vulnerability to execute arbitrary code on the system...

OpenClaw has an unspecified vulnerability (CNVD-2026-16049)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to execute arbitrary code without sandbox escape...

Google Chrome integer overflow vulnerability (CNVD-2026-15405)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an integer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on the system...

Google Chrome memory misreference vulnerability (CNVD-2026-15404)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a memory misreference vulnerability that can be exploited by an attacker to execute arbitrary code on the system...

Google Chrome heap buffer overflow vulnerability (CNVD-2026-15403)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a heap buffer overflow vulnerability that is caused by incorrect boundary checking in WebGL. An attacker can exploit this vulnerability to execute arbitrary code on the system or cause an application to...

Google Chrome Resource Management Error Vulnerability (CNVD-2026-15395)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a resource management error vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the sandbox via specially crafted HTML pages...

Canva Affinity Out-of-Bounds Write Vulnerability

Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code using a specially crafted EMF file...