ALSA-2026:10713 Important: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: lodash: lodash: Arbitrary code execution via untrusted input in template imports CVE-2026-4800 For more details about the security issues, including the impact, a CVSS score,...

AutoForge 命令注入漏洞

AutoForge is an intelligent coding proxy tool open source by AutoForgeAI. Version 79d02a of AutoForge has a command injection vulnerability, which stems from the /devserver/start endpoint’s command injection. This vulnerability could allow attackers to execute arbitrary code...

RHEL 9 : pcs (RHSA-2026:10710)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:10710 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: lodash: lodash: Arbitrary cod...

Important: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

ALSA-2026:11062 Important: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVE-2026-6786

Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...

CVE-2018-25263 Faleemi Desktop Software 1.8.2 Local Buffer Overflow SEH

Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler SEH overwrite. Attackers can craft a malicious payload and paste it into the Device alias field within the Managing Log...

EUVD-2018-21791

Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler SEH overwrite. Attackers can craft a malicious payload and paste it into the Device alias field within the Managing Log...

Debian dla-4549 : thunderbird - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4549 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4549-1 [email protected]...

Mozilla多款产品 缓冲区错误漏洞

Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...

PT-2026-35241

Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler SEH overwrite. Attackers can craft a malicious payload and paste it into the Device alias field within the Managing Log...

CVE-2026-41239

A flaw was found in DOMPurify. A remote attacker could exploit this cross-site scripting XSS vulnerability when DOMPurify is configured to return a Document Object Model DOM or DOM fragment. The SAFEFORTEMPLATES feature, intended to strip template expressions like ..., fails in these modes,...

CVE-2026-41238

A flaw was found in DOMPurify, a software library used to clean potentially malicious code from web content, preventing Cross-Site Scripting XSS attacks. A remote attacker could exploit a vulnerability related to 'prototype pollution' to bypass DOMPurify's security checks. This allows the attacke...

CLSA-2026-1777038917 subversion: Fix of CVE-2017-9800

CVE-2017-9800: fix arbitrary code execution via crafted svn+ssh:// URLs by validating the decoded hostinfo and adding an end-of-options guard to the default svn+ssh and example rsh tunnel commands...

OESA-2026-2001 gimp security update

The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing...

[SECURITY] [DSA 6230-1] chromium security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6230-1 [email protected] https://www.debian.org/security/ Andres Salomon April 24, 2026 https://www.debian.org/security/faq -...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : vim (SUSE-SU-2026:1607-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1607-1 advisory. Update to version 9.2.0280. - CVE-2026-34982: missing input validation allows for a modeline...

CVE-2026-31669

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

CVE-2026-41414 Skim: Arbitrary code execution via pull_request_target fork checkout in pr.yml

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

CVE-2026-41414 Skim: Arbitrary code execution via pull_request_target fork checkout in pr.yml

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...