ALSA-2026:6817 Important: capstone security update

Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community. Security Fixes: capstone: Capstone: Memory corruption via unchecked vsnprintf return CVE-2025-68114 capstone: Capstone: Heap buffer overflow via...

RockyLinux 9 : freerdp (RLSA-2026:6340)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:6340 advisory. freerdp: FreeRDP heap-use-after-free CVE-2026-22856 freerdp: FreeRDP heap-buffer-overflow CVE-2026-22854 freerdp: FreeRDP heap-buffer-overflow...

Mozilla Firefox ESR < 140.9.1

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 140.9.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-27 advisory. - Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0,...

Mozilla -- Memory safety bugs

https://bugzilla.mozilla.org/buglist.cgi?bugid=2025475%2C2025477 reports: Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary...

Mozilla -- Memory safety bugs

https://bugzilla.mozilla.org/buglist.cgi?bugid=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505 reports: Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence o...

KLA90969 Multiple vulnerabilities in Mozilla Thunderbird ESR

Multiple vulnerabilities were found in Mozilla Thunderbird ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Memory safety vulnerability can be exploited to execute arbitrary code. 2. Incorrec...

PT-2026-31000

There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI...

RHEL 10 : freerdp (RHSA-2026:6799)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6799 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...

RHEL 6 : vim (RHSA-2026:6725)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:6725 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via command injection in glob...

Security Vulnerabilities fixed in Firefox 149.0.2 — Mozilla

Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

Security Vulnerabilities fixed in Thunderbird 149.0.2 — Mozilla

Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

Linux Distros Unpatched Vulnerability : CVE-2026-34444

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed throug...

ALSA-2026:6915 Important: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin CVE-2026-28417 vim: Vim: Denial of service and information disclosure via crafted swap file CVE-2026-28421 vim: Vim: Arbitrary code...

PT-2026-30822

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 149.0.2 Firefox ESR versions prior to 115.34.1 and 140.9.1 Thunderbird versions prior to 149.0.2 and 140.9.1 Description Memory safety bugs are present in Firefox and Thunderbird, with some showing evidence of memory...

PT-2026-31058

Name of the Vulnerable Software and Affected Versions SWIG affected versions not specified Description SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass. Recommendations At the moment, there...

CVE-2026-35197

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1...

CVE-2026-35020

Rejected reason: This CVE ID has been rejected by the its CVE Numbering Authority CNA. It was determined that the attack requires an attacker to already control arbitrary environment variables, a level of access they consider functionally equivalent to code execution and outside the threat model ...

CVE-2026-35197 Code injection in dye template expressions

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1...

EUVD-2026-19471

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1...

CVE-2026-35197 Code injection in dye template expressions

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1...