vim security update

9.1.083-6.0.1.el101.4 - Remove upstream references Orabug: 31197557 2:9.1.083-6.4 - Resolves: RHEL-164951 vim: arbitrary command execution via modeline sandbox bypass 2:9.1.083-6.3 - RHEL-159615 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob function 2:9.1.083-6.2...

Mozilla Firefox ESR 缓冲区错误漏洞

Mozilla Firefox ESR is an extended support version of Firefox a web browser developed by the Mozilla Foundation in the United States. The Mozilla Firefox ESR 140.10.0 version and Firefox 150.0.0 version contain a buffer error vulnerability. This vulnerability stems from a memory security flaw,...

Important: LibRaw security update

LibRaw is a library for reading RAW files obtained from digital photo cameras CRW/CR2, NEF, RAF, DNG, and others. Security Fixes: LibRaw: LibRaw: Arbitrary code execution via a specially crafted malicious file CVE-2026-24450 LibRaw: LibRaw: Arbitrary code execution via heap-based buffer overflow ...

Logic-to-Code Execution via Indirect Prompt Injection

This document explores a critical architectural vulnerability in Large Language Model LLM implementations, specifically within Command Line Interface CLI tools and automated agentic workflows. The research demonstrates how the absence of separation between the control plane instructions and the...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.138 contained a resource management vulnerability. This vulnerability stemmed from the reuse of Cast components after their release, which could allow attackers on the local network to execute...

PT-2026-35738

Name of the Vulnerable Software and Affected Versions Firefox version 150.0.0 Description Memory safety bugs exist that exhibit evidence of memory corruption. These issues could potentially be exploited to execute arbitrary code. Recommendations Update to version 150.0.1...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : NLTK vulnerability (USN-8214-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8214-1 advisory. It was discovered that NLTK incorrectly handled file extraction when opening a maliciously...

Mozilla -- Memory safety bugs

https://bugzilla.mozilla.org/buglist.cgi?bugid=2028537%2C2029911%2C2031121%2C2033602 reports: Memory safety bugs. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

firefox -- Memory safety bugs

https://bugzilla.mozilla.org/buglist.cgi?bugid=2021904%2C2022731%2C2027158%2C2027733%2C2027973%2C2027976%2C2028231%2C2028731%2C2028886%2C2029067%2C2029700%2C2029724%2C2029806%2C2029814%2C2030108%2C2030111%2C2031524%2C2031921%2C2032040 reports: Memory safety bugs. Some of these bugs showed evidenc...

firefox -- Memory safety bugs

https://bugzilla.mozilla.org/buglist.cgi?bugid=2029419%2C2029717%2C2029769%2C2029886 reports: Memory safety bugs. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

Security Vulnerabilities fixed in Firefox ESR 140.10.1 — Mozilla

Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox ESR...

Security Vulnerabilities fixed in Firefox 150.0.1 — Mozilla

Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox ESR...

Security Vulnerabilities fixed in Firefox ESR 115.35.1 — Mozilla

Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

CVE-2026-7191

Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...

Important: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

Security Bulletin: Multiple vulnerabiities in the IBM 4769 Developer's Toolkit. CVE-2019-20811, CVE-2020-0466, CVE-2021-0920, CVE-2021-3347, CVE-2018-19985, CVE-2018-20169, CVE-2019-13648, CVE-2019-15916, CVE-2019-19527

Summary IBM customers who use the IBM 4769 Developer's Toolkit to create custom firmware images may be affected by one or more vulnerabilities that were announced against the Linux kernel. Vulnerability Details CVEID:CVE-2019-20811 DESCRIPTION: Linux Kernel could provide weaker than expected...

CVE-2026-7191 Arbitrary Code Execution via Sandbox Bypass in the open source solution QnABot on AWS

Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...

CVE-2026-7191 Arbitrary Code Execution via Sandbox Bypass in the open source solution QnABot on AWS

Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...