205643 matches found
openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing
A flaw was found in OpenEXR, an image storage format library for the motion picture industry. An attacker can craft a malicious EXR file that, when processed, causes an integer overflow in the CompositeDeepScanLine::readPixels function. This overflow leads to an undersized buffer allocation, whic...
thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing
A flaw was found in OpenEXR, an image storage format library for the motion picture industry. An attacker can craft a malicious EXR file that, when processed, causes an integer overflow in the CompositeDeepScanLine::readPixels function. This overflow leads to an undersized buffer allocation, whic...
Important: Red Hat Security Advisory: openexr security update
An update for openexr is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
libpng: libpng: Arbitrary code execution due to use-after-free vulnerability
A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...
ERB has an @_init deserialization guard bypass via def_module / def_method / def_class
ERB implements an @init guard to prevent code execution when ERB objects are reconstructed via Marshal.load on untrusted data. However, ERBdefmethod, ERBdefmodule, and ERBdefclass evaluate the template source without checking this guard, allowing an attacker who controls the data passed to...
Pyro3 安全漏洞
Pyro3 is a Python remote object invocation library developed by Irmen de Jong. Version 3.x of Pyro3 contains a security vulnerability, which stems from issues with the pickle protocol. This vulnerability could allow arbitrary code to be executed through specially crafted pickle string messages...
Dynabook Bluetooth ACPI 安全漏洞
Dynabook Bluetooth ACPI is a system interface component developed by Dynabook Japan, used for managing the power supply of Bluetooth hardware and device status. Dynabook Bluetooth ACPI contains a security vulnerability caused by a stack buffer overflow, which may lead to the execution of arbitrar...
PT-2026-32498
Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. Attackers can write PHP object payloads to world-writable cache files with predictable names in the cache directory,...
PT-2026-32446
Name of the Vulnerable Software and Affected Versions Decidim versions prior to 0.30.5 Decidim versions 0.31.0.rc1 through 0.31.0 Description A stored code execution issue in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively...
CVE-2026-31048
An issue in the pickle protocol of Pyro v3.x allows attackers to execute arbitrary code via supplying a crafted pickled string message...
CVE-2026-31048
The CVE-2026-31048 issue affects Pyro v3.x, specifically its pickle protocol, where a crafted pickled string message can lead to arbitrary code execution. Multiple connected sources (NVD, Red Hat, Ubuntu, Nessus plugin, etc.) confirm the vulnerability and name Pyro v3.x as the affected component,...
Amazon Linux 2023 : libtiff, libtiff-devel, libtiff-static (ALAS2023-2026-1547)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1547 advisory. A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. Thi...
CVE-2026-31048
An issue in the pickle protocol of Pyro v3.x allows attackers to execute arbitrary code via supplying a crafted pickled string message...
EUVD-2026-22059
An issue in the pickle protocol of Pyro v3.x allows attackers to execute arbitrary code via supplying a crafted pickled string message...
MiracleLinux 9 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free (AXSA:2026-421:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-421:01 advisory. GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer: GStreamer: Remote Code Execution via heap-based buffe...
PT-2026-32504
CVE-2026-31048 An issue in the codepickle/code protocol of Pyro v3.x allows attackers to execute arbitrary code via supplying a crafted pickled string message. https://t.co/9RAOHY9pwL...
PT-2026-32371
Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.0 Description Dag Authors can craft a malicious XCom payload that allows them to execute arbitrary code within the webserver context, bypassing the standard restriction that prevents them from executing cod...
Keras 代码问题漏洞
Keras is an open-source deep learning framework with multiple backends. Version 3.13.0 of Keras contains a code vulnerability that stems from the TFSLayer class’s unconditional loading of external SavedModels, which may lead to arbitrary code execution...