CVE-2025-11739

CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization...

c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects

A flaw was found in c3p0, a Java Database Connectivity JDBC Connection pooling library. This vulnerability allows an attacker to achieve arbitrary code execution by providing maliciously crafted Java-serialized objects or javax.naming.Reference instances. By manipulating the userOverridesAsString...

USN-8081-1 libpng vulnerabilities

It was discovered that libpng did not properly handle memory when processing certain PNG files. An attacker could possibly use this issue to cause libpng to crash, resulting in a denial of service, or disclose sensitive information. CVE-2025-64505 Joshua Inscoe discovered that libpng did not...

CVE-2026-3826

IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server...

CVE-2026-3826 WellChoose｜IFTOP - Local File Inclusion

IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server...

CVE-2026-3826

IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server...

postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code

A heap based buffer overflow flaw has been discovered in PostgreSQL. This Heap buffer overflow is in the pgcrypto component and allows a ciphertext provider to execute arbitrary code as the operating system user running the database...

postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database...

Important: Red Hat Security Advisory: postgresql:15 security update

An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...

kernel: Linux kernel: Use-after-free vulnerability in page_pool_recycle_in_ring can lead to arbitrary code execution

A flaw was found in the Linux kernel. This vulnerability, known as a use-after-free UAF, occurs in the pagepoolrecycleinring function. A local attacker could exploit this by manipulating the system's memory management, causing a freed memory region to be improperly accessed. This can lead to syst...

kernel: Linux kernel: Use-after-free vulnerability in page_pool_recycle_in_ring can lead to arbitrary code execution

A flaw was found in the Linux kernel. This vulnerability, known as a use-after-free UAF, occurs in the pagepoolrecycleinring function. A local attacker could exploit this by manipulating the system's memory management, causing a freed memory region to be improperly accessed. This can lead to syst...

EUVD-2026-10951

Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

EUVD-2026-10941

Illustrator versions 29.8.4, 30.1 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

EUVD-2026-10942

Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

EUVD-2026-10944

Illustrator versions 29.8.4, 30.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

EUVD-2026-10940

Illustrator versions 29.8.4, 30.1 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

EUVD-2026-10903

Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

Integer Overflow Vulnerability in Multiple Mozilla Products (CNVD-2026-15384)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. An integer overflow vulnerability exists in multiple Mozilla products,...

CVE-2025-67041

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges...

CVE-2025-70082

An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrxevo component...