lodash security vulnerability
lodash is an open-source JavaScript utility library developed by Lodash Utilities. Lodash has a security vulnerability, which stems from insufficient validation of the options.imports key name. This vulnerability could allow for the execution of arbitrary code during template compilation...
Linux kernel memory misreference vulnerability (CNVD-2026-16038)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from a mix-up in the instruction responsible for freeing memory. An attacker could explo...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Pillow vulnerabilities (USN-8135-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8135-1 advisory. It was discovered that Pillow did not correctly handle reading J2K files, which could lead to an out-of-bounds read vulnerabilit...
CVE-2026-30290
CVE-2026-30290 affects InTouch Contacts & Caller ID APP v6.38.1. The flaw is an arbitrary file overwrite via the file import process, enabling overwrite of critical internal files and potentially enabling arbitrary code execution or information exposure. All sources consistently describe the vuln...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : GStreamer Base Plugins vulnerability (USN-8130-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8130-1 advisory. It was discovered that GStreamer Base Plugins incorrectly handled certain AVI media files. A remote attacker could use this issue to cause...
Multiple Mozilla Products Resource Management Error Vulnerability (CNVD-2026-16998)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A resource management error vulnerability exists in multiple Mozilla...
CVE-2026-30281
An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...
Memory Misreference Vulnerability in Multiple Mozilla Products (CNVD-2026-16999)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A memory misreference vulnerability exists in multiple Mozilla products,...
Funambol Zefiro Cloud security vulnerability
Funambol Zefiro Cloud is a cloud platform provided by the US-based Funambol company, capable of integrating mobile data synchronization with cloud services. Version 32.0.2026011614 of Funambol Zefiro Cloud contains a security vulnerability. This vulnerability stems from an arbitrary file...
Zora security vulnerability
Zora is a blockchain platform developed by Zora Company, designed for the issuance and trading of digital assets. Version 2.60.0 of Zora contains a security vulnerability. This vulnerability stems from an issue with arbitrary file overwriting during the file import process, which could lead to...
KLA90960 ACE vulnerability in Microsoft Browser
A use-after-free vulnerability was found in Microsoft Browser. Malicious users can exploit this vulnerability to execute arbitrary code or cause denial of service. Original advisories CVE-2026-4676 Exploitation Related products Microsoft-Edge CVE list CVE-2026-4676 critical Solution Install necessary...
CVE-2026-30277
An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...
Google Chrome security vulnerability
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 146.0.7680.178 contained a security vulnerability that stemmed from the reuse of CSS elements after they were released. This vulnerability could allow arbitrary code to be executed within a sandbox through...
VulnCheck KEV: CVE-2026-3502
TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code...
ROS-20260331-73-0001
A vulnerability in the Wheel file manipulation command line tool is related to an incorrect directory path name restriction. Exploitation of the vulnerability could allow an attacker to escalate privileges or execute arbitrary code...
Foxit Reader List Box Calculate Array Use-After-Free Vulnerability
Talos Vulnerability Report TALOS-2026-2365: Foxit Reader List Box Calculate Array Use-After-Free Vulnerability. March 31, 2026. CVE Number: CVE-2026-3779. Summary: A use-after-free vulnerability exists in the way Foxit Reader handles an Array object. A specially crafted JavaScript code inside a malicio...
Memory Misreference Vulnerability in Multiple Mozilla Products (CNVD-2026-17913)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A memory misreference vulnerability exists in multiple Mozilla products, whi...
Integer Overflow Vulnerability in Multiple Mozilla Products (CNVD-2026-19991)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. An integer overflow vulnerability exists in multiple Mozilla products,...
ALSA-2026:6300 Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: GStreamer: Arbitrary code execution via ASF file processing (CVE-2026-2920); GStreamer:...
RHEL 10 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free (RHSA-2026:6259)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6259 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package...