CVE-2026-6846 Binutils: binutils: arbitrary code execution via malformed xcoff object file processing

A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF Extended Common Object File Format object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution,...

kernel: Linux kernel: Use-after-free in bonding module can cause system crash or arbitrary code execution

A flaw was found in the Linux kernel's bonding module. This use-after-free vulnerability occurs when a new slave device is added to the bonding array but fails during the enslave process. A local attacker can exploit this by triggering the enslave failure, which may lead to a system crash,...

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of...

Installers of LiveOn Meet Client for Windows and its plugin may insecurely load Dynamic Link Libraries

Overview LiveOn Meet provided by Japan Media Systems Corporation is a web conferencing system. The installer of LiveOn Meet Client for Windows and the installer of Canon Network Camera Plugin insecurely load Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-32679 This...

SUSE CVE-2026-6784

Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

CVE-2026-6785

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corrupti...

CVE-2026-6784

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could...

kernel: Linux kernel: Use-after-free in bonding module can cause system crash or arbitrary code execution

A flaw was found in the Linux kernel's bonding module. This use-after-free vulnerability occurs when a new slave device is added to the bonding array but fails during the enslave process. A local attacker can exploit this by triggering the enslave failure, which may lead to a system crash,...

Silverpeas Core 跨站脚本漏洞

Silverpeas Core is an open-source project developed by Silverpeas, used for building and running collaborative and social web portals. Versions of Silverpeas Core prior to 6.4.6 contained a cross-site scripting vulnerability. This vulnerability stemmed from the AdvancedSearch feature having...

PT-2026-34457

Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious input file with shellcode and jump instructions that...

PT-2026-35428

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description A flaw in the xml2js library used to parse XML request bodies in the webhook handler allows prototype pollution via a crafted XML payload...

SUSE SLES12 Security Update : libpng15 (SUSE-SU-2026:1500-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1500-1 advisory. - CVE-2026-34757: use-after-free in pngsetPLTE, pngsettRNS and pngsethIST can lead to information disclosure and data corruption bsc1261957. -...

WWBN AVideo 操作系统命令注入漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained an operating system command injection vulnerability. This vulnerability stemmed from incomplete repairs in the test.php file, which did not clean up the...

PT-2026-34329

Name of the Vulnerable Software and Affected Versions camel-infinispan affected versions not specified Description Unsafe deserialization exists in the ProtoStream remote aggregation repository. A remote attacker with low privileges can send specially crafted data to achieve arbitrary code...

LizardSystems LanSpy 缓冲区错误漏洞

LizardSystems LanSpy is a local area network information scanning tool developed by LizardSystems Corporation. The version LizardSystems LanSpy 2.0.1.159 contains a buffer overflow vulnerability. This vulnerability stems from a local buffer overflow occurring during the scanning process, which ma...

RHEL 10 : thunderbird (RHSA-2026:9638)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:9638 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libpng: libpng: Arbitrary code execution due to use-after-fr...

RHEL 7 / 8 / 9 : Java 11 OpenJDK ELS Security Update (Important) (RHSA-2026:9254)

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:9254 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This...