PT-2026-21740

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 148 Thunderbird versions prior to 148 Description The software contains memory safety bugs. Some of these bugs exhibited evidence of memory corruption, and it is presumed that, with sufficient effort, they could...

PT-2026-21669

Name of the Vulnerable Software and Affected Versions Serv-U affected versions not specified Description A type confusion issue exists in Serv-U, potentially allowing a malicious actor to execute arbitrary native code with privileged account privileges. Exploitation requires administrative...

Security Vulnerabilities fixed in Thunderbird 140.8 — Mozilla

Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in...

Security Vulnerabilities fixed in Thunderbird 148 — Mozilla

Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7,...

Security Vulnerabilities fixed in Firefox 148 — Mozilla

Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7,...

Mozilla多款产品 缓冲区错误漏洞

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in several Mozilla products, which...

KLA90902 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges, bypass security restrictions, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Use after...

Mozilla多款产品 输入验证错误漏洞

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. An integer overflow vulnerability exists in multiple Mozilla products,...

MLflow < 3.8.0 Authentication Bypass (ZDI-26-111)

The version of MLflow installed on the remote host is prior to 3.8.0. It is, therefore, affected by an authentication bypass vulnerability: - A use of default password vulnerability exists in the basicauth.ini file. The file contains hard-coded default credentials that allow remote, unauthenticat...

Mozilla多款产品 缓冲区错误漏洞

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A security bypass vulnerability exists in multiple Mozilla products, whi...

USN-8057-1 gimp vulnerabilities

Hanno Böck discovered that GIMP allocated FLI images using only the information present in the file header, which allowed for a maliciously- crafted file to cause out-of-bounds writes. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue onl...

USN-8057-1: GIMP vulnerabilities

Hanno Böck discovered that GIMP allocated FLI images using only the information present in the file header, which allowed for a maliciously- crafted file to cause out-of-bounds writes. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue onl...

CVE-2026-21420

Dell Repository Manager (DRM) v3.4.7 and earlier is affected by an Uncontrolled Search Path Element, enabling a local, low-privilege attacker to potentially execute arbitrary code and escalate privileges. Root cause is improper handling of search paths in DRM prior to 3.4.8. Impact includes high ...

USN-8056-1 u-boot vulnerabilities

Simon Diepold discovered that U-Boot incorrectly handled certain DHCP responses. An attacker on the local network could possibly use this issue to obtain sensitive memory contents. CVE-2024-42040 It was discovered that U-Boot incorrectly handled symlink size calculations in squashfs file systems...

USN-8054-1 djvulibre vulnerabilities

It was discovered that DjVuLibre could be forced to execute a division by zero in certain instances. A remote attacker could possibly use this issue to cause applications to stop responding or crash, resulting in a denial of service. CVE-2021-46312 It was discovered that DjVuLibre incorrectly...

CVE-2026-25747

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...

CVE-2026-25747

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...

CVE-2026-25747 Apache Camel LevelDB: Deserialization of Untrusted Data in Camel LevelDB

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...

CVE-2026-2998

ERP developed by eAI Technologies has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a crafted DLL file in the same directory as the program, thereby executing arbitrary code...

CVE-2026-2998

ERP developed by eAI Technologies has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a crafted DLL file in the same directory as the program, thereby executing arbitrary code...