Red Hat Enterprise Linux 安全漏洞

Red Hat Enterprise Linux is a Linux operating system for enterprise users developed by Red Hat, Inc. Red Hat Enterprise Linux 10 contains a security vulnerability. This vulnerability stems from improper handling of special XCOFF object files during linking. A local attacker can trick users into...

KLA91003 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in DevTools can be exploited to cause denial of service or execu...

RHEL 10 : thunderbird (RHSA-2026:9638)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:9638 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libpng: libpng: Arbitrary code execution due to use-after-fr...

RHEL 7 / 8 / 9 : Java 11 OpenJDK ELS Security Update (Important) (RHSA-2026:9254)

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:9254 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This...

Incomplete List of Disallowed Inputs

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the run function of the CSVAgents class when evaluating LLM-generated Python scripts in a pyodide environment without sufficient sandboxing. An attack...

EUVD-2026-24163

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

giflib: Giflib: Double-free vulnerability leading to memory corruption

A flaw was found in giflib. This double-free vulnerability, caused by a shallow copy in GifMakeSavedImage and incorrect error handling, may allow an attacker to corrupt memory. While difficult to trigger, successful exploitation could potentially lead to arbitrary code execution or a denial of...

giflib: Giflib: Double-free vulnerability leading to memory corruption

A flaw was found in giflib. This double-free vulnerability, caused by a shallow copy in GifMakeSavedImage and incorrect error handling, may allow an attacker to corrupt memory. While difficult to trigger, successful exploitation could potentially lead to arbitrary code execution or a denial of...

CVE-2026-6784

Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

EUVD-2026-24127

Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...

CVE-2026-6784 Memory safety bugs fixed in Firefox 150 and Thunderbird 150

Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

CVE-2026-6784

Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

openexr security update

An update is available for openexr. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenEXR is an open-source high-dynamic-range floating-point image file format...

RLSA-2026:8888 Important: openexr security update

OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR. Security Fixes:...

Silex Technology SD-330AC and AMC Manager

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service, or configuration information may be altered without authentication. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize...

Arbitrary Code Injection

protobufjs is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper validation of the "type" field in protobuf definitions, which allows an attacker to inject and execute arbitrary code during object decoding...

PT-2026-34180

Name of the Vulnerable Software and Affected Versions Tekton Pipelines versions 1.0.0 through 1.10.x Description The git resolver fails to validate the revision parameter, which is passed directly as a positional argument to the git fetch command. This allows an attacker to inject arbitrary flags...

KLA90997 Multiple vulnerabilities in Oracle Java

Multiple vulnerabilities were found in Oracle Java. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Out of bounds memory read vulnerabilit can be exploited to cause...

Lawnchair 安全漏洞

Lawnchair is an open-source Android desktop launcher developed by Lawnchair, featuring highly customizable features and Pixel functionality. Lawnchair has a security vulnerability, which stems from command injection in the releaseupdate.yml workflow scheduling input, potentially allowing arbitrar...