firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume th...

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume th...

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corrupti...

vim: Vim: Arbitrary code execution via command injection in glob() function

A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings...

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVE-2026-33021

A flaw was found in libsixel, a SIXEL encoder/decoder implementation. An attacker who controls incoming frames can exploit a use-after-free vulnerability. This occurs because a caller-owned pixel buffer is prematurely freed during a resize operation, leaving a dangling pointer. This can lead to a...

CVE-2026-39842

OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's ScriptEngine.eval...

EUVD-2026-22788

Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow Wrap or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

EUVD-2026-22720

InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

EUVD-2026-22730

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the rules engine process. An attacker can execute arbitrary code on the server, read arbitrary files, steal environment variables including database credentials, and bypass multi-tenant isolation to access da...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google. A type confusion vulnerability exists in Google Chrome's Turbofan compiler. The vulnerability stems from Turbofan's failure to properly handle types in certain JavaScript code, which can be exploited by an attacker to execute arbitrary code in t...

PT-2026-33167

Name of the Vulnerable Software and Affected Versions FFmpeg affected versions not specified Description A signed integer overflow exists in the DVD subtitle parser's fragment reassembly bounds checks. A remote attacker can exploit this by providing a specially crafted MPEG-PS/VOB media file...

Adobe Framemaker Untrusted Search Path Vulnerability

Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. An untrusted search path vulnerability exists in Adobe Framemaker, which could be exploited by an attacker to caus...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in the Google Chrome Forms component, which can be exploited by an attacker to execute arbitrary code from a specially crafted HTML page in a sandbox...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google. Google Chrome suffers from a memory misreference vulnerability. The vulnerability stems from a failure of the Cast component to properly handle memory objects and can be exploited by an attacker to execute arbitrary code via a specially crafted...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google with a built-in PDFium component for rendering PDF documents. Google Chrome's PDFium suffers from a heap buffer overflow vulnerability that stems from a failure to properly handle certain data in a specially crafted PDF file, which can be exploit...

Microsoft vcpkg OpenSSL Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on applications built using the Microsoft vcpkg port of OpenSSL. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within t...

(0Day) Docker Desktop System Editor Uncontrolled Search Path Element Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to escape the container and execute high-privileged code within the Docker Hyper-V VM in order to exploit this vulnerability. The specific flaw...

Adobe InCopy Out-of-Bounds Write Vulnerability (CNVD-2026-19437)

Adobe InCopy is a text editing software for creative writing from the American company Audobee Adobe. Adobe InCopy suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code on the system...