FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution via crafted pixel data

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a heap buffer overflow vulnerability in the resizevbarentry function. This occurs when an error in buffer resizing leads to attacker-controlled pixel data being written into an...

CVE-2026-27303

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must visit a maliciously craft...

CVE-2026-34615

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentiall...

freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...

[slackware-security] proftpd

New proftpd packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/proftpd-1.3.9a-i586-1slack15.0.txz: Upgraded. Fix for an SQL injection that may lead to authentication bypass, privilege escalation,...

RLSA-2026:10949 Important: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

vim security update

9.1.083-6.0.1.el101.4 - Remove upstream references Orabug: 31197557 2:9.1.083-6.4 - Resolves: RHEL-164951 vim: arbitrary command execution via modeline sandbox bypass 2:9.1.083-6.3 - RHEL-159615 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob function 2:9.1.083-6.2...

PT-2026-35737

Name of the Vulnerable Software and Affected Versions Firefox ESR version 140.10.0 Firefox version 150.0.0 Description Memory safety bugs exist that exhibit evidence of memory corruption, which could potentially be exploited to execute arbitrary code. Recommendations Update Firefox ESR to version...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : NLTK vulnerability (USN-8214-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8214-1 advisory. It was discovered that NLTK incorrectly handled file extraction when opening a maliciously...

PT-2026-35736

Name of the Vulnerable Software and Affected Versions Firefox version 150.0.0 Firefox ESR version 140.10.0 Firefox ESR version 115.35.0 Description Memory safety bugs exist that exhibit evidence of memory corruption, which could potentially be exploited to execute arbitrary code. Recommendations...

Security Vulnerabilities fixed in Firefox 150.0.1 — Mozilla

Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox ESR...

firefox -- Memory safety bugs

https://bugzilla.mozilla.org/buglist.cgi?bugid=2029419%2C2029717%2C2029769%2C2029886 reports: Memory safety bugs. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

Mozilla Firefox ESR 缓冲区错误漏洞

Mozilla Firefox ESR is an extended support version of Firefox a web browser developed by the Mozilla Foundation in the United States. The Mozilla Firefox ESR 140.10.0 version and Firefox 150.0.0 version contain a buffer error vulnerability. This vulnerability stems from a memory security flaw,...

Security Vulnerabilities fixed in Firefox ESR 140.10.1 — Mozilla

Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox ESR...

Mozilla -- Memory safety bugs

https://bugzilla.mozilla.org/buglist.cgi?bugid=2028537%2C2029911%2C2031121%2C2033602 reports: Memory safety bugs. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 had code vulnerabilities. These vulnerabilities stemmed from incomplete host-env-security-policy.json files, which failed to restrict compiler binary environment variables. A...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.138 contained a resource management vulnerability. This vulnerability stemmed from the reuse of Cast components after their release, which could allow attackers on the local network to execute...

CVE-2025-60889

The CVE-2025-60889 entry concerns StellarGroup HPX 1.11.0 and a vulnerability in insecure deserialization of untrusted input. Under certain conditions, this could allow an attacker to execute arbitrary code or cause other unspecified impacts. The documents do not provide specific vulnerable compo...

RockyLinux 9 : python3.11 (RLSA-2026:10774)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:10774 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...

firefox -- Memory safety bugs

https://bugzilla.mozilla.org/buglist.cgi?bugid=2021904%2C2022731%2C2027158%2C2027733%2C2027973%2C2027976%2C2028231%2C2028731%2C2028886%2C2029067%2C2029700%2C2029724%2C2029806%2C2029814%2C2030108%2C2030111%2C2031524%2C2031921%2C2032040 reports: Memory safety bugs. Some of these bugs showed evidenc...