CVE-2026-3502 TrueConf Client Update Integrity Verification Bypass

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code...

CVE-2026-3502

The CVE-2026-3502 issue affects TrueConf Client where the update payload is downloaded and installed without integrity verification, allowing an attacker who controls the update path to substitute a tampered payload and potentially achieve arbitrary code execution in the updater process or user c...

Exposed Dangerous Method or Function

Overview crewai-tools is a Set of tools for the crewAI framework Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the CodeInterpreter tool that fallbacks to SandboxPython when Docker is unreachable. An attacker can execute arbitrary code by invoking...

Arbitrary Code Injection

Overview crewai-tools is a Set of tools for the crewAI framework Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper verification of the Docker runtime status, causing a fallback to a SandboxPython environment. An attacker can execute arbitrary code by...

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corrupti...

USN-8131-1: GStreamer Good Plugins vulnerabilities

It was discovered that GStreamer Good Plugins incorrectly handled certain X-QDM RTP payloads. A remote attacker could use this issue to cause GStreamer Good Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code...

USN-8130-1: GStreamer Base Plugins vulnerability

It was discovered that GStreamer Base Plugins incorrectly handled certain AVI media files. A remote attacker could use this issue to cause GStreamer Base Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code...

kernel: Linux kernel: Use-after-free in bonding module can cause system crash or arbitrary code execution

A flaw was found in the Linux kernel's bonding module. This use-after-free vulnerability occurs when a new slave device is added to the bonding array but fails during the enslave process. A local attacker can exploit this by triggering the enslave failure, which may lead to a system crash,...

CVE-2018-25222

A flaw was found in SC. This stack-based buffer overflow vulnerability allows local attackers to execute arbitrary code. By providing input that exceeds the allocated memory buffer, an attacker can overwrite critical program data, leading to the execution of malicious code within the application'...

freerdp: FreeRDP: Arbitrary code execution via heap out-of-bounds write in RLE planar decode path

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap out-of-bounds write vulnerability in the planardecompressplanerle function. This vulnerability allows the server to write past the end of a temporary buffer, potentiall...

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

freerdp: FreeRDP: Arbitrary code execution via heap buffer overflow in GDI surface pipeline

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap buffer overflow vulnerability by sending a specially crafted graphics command to a FreeRDP client. This allows the server to write data outside of its intended memory...

freerdp: FreeRDP: Arbitrary code execution via heap out-of-bounds write in RLE planar decode path

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap out-of-bounds write vulnerability in the planardecompressplanerle function. This vulnerability allows the server to write past the end of a temporary buffer, potentiall...

CVE-2018-25220

A flaw was found in Bochs. Attackers can exploit a stack-based buffer overflow vulnerability by providing an oversized input string to the application. This can lead to arbitrary code execution, allowing attackers to run unauthorized commands with the application's privileges...

CVE-2016-20038

A flaw was found in yTree. This vulnerability, a stack-based buffer overflow, allows a local attacker to execute arbitrary code. By supplying an excessively long command-line argument, an attacker can overwrite the program's memory stack, leading to the execution of malicious code within the...

EUVD-2026-17073

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for...

EUVD-2026-17069

Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation...

CVE-2026-5121

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for...

CVE-2026-5121

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for...

CVE-2026-5121 Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for...