205314 matches found
CVE-2026-6785
CVE-2026-6785 affects memory-safety bugs in Mozilla Firefox/Thunderbird components across Firefox ESR 115.34, ESR 140.9, Thunderbird ESR 140.9, Firefox 149, and Thunderbird 149. The issues potentially allow memory corruption and could enable arbitrary code execution; Mozilla fixed these bugs in F...
openexr security update
An update is available for openexr. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenEXR is an open-source high-dynamic-range floating-point image file format...
RLSA-2026:8888 Important: openexr security update
OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR. Security Fixes:...
Silex Technology SD-330AC and AMC Manager
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service, or configuration information may be altered without authentication. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize...
Arbitrary Code Injection
protobufjs is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper validation of the "type" field in protobuf definitions, which allows an attacker to inject and execute arbitrary code during object decoding...
KLA90997 Multiple vulnerabilities in Oracle Java
Multiple vulnerabilities were found in Oracle Java. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Out of bounds memory read vulnerabilit can be exploited to cause...
Microsoft Excel Code Execution Vulnerability (CNVD-2026-19428)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
PT-2026-34180
Name of the Vulnerable Software and Affected Versions Tekton Pipelines versions 1.0.0 through 1.10.x Description The git resolver fails to validate the revision parameter, which is passed directly as a positional argument to the git fetch command. This allows an attacker to inject arbitrary flags...
Security Vulnerabilities fixed in Firefox ESR 115.35 — Mozilla
Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
Mozilla -- Memory safety bugs
https://bugzilla.mozilla.org/buglist.cgi?bugid=1536243%2C1745382%2C1851073%2C1893400%2C1963301%2C2001319%2C2002899%2C2012436%2C2014435%2C2016901%2C2019916%2C2020486%2C2020612%2C2020817%2C2021788%2C2022051%2C2022367%2C2022431%2C2023302%2C2023670%2C2024225%2C2024238%2C2024240%2C2024265%2C2024367%2C...
Lawnchair 安全漏洞
Lawnchair is an open-source Android desktop launcher developed by Lawnchair, featuring highly customizable features and Pixel functionality. Lawnchair has a security vulnerability, which stems from command injection in the releaseupdate.yml workflow scheduling input, potentially allowing arbitrar...
Microsoft Office PowerPoint Code Execution Vulnerability
Microsoft Office PowerPoint is an American Microsoft Microsoft company's software for creating, presentations PPT. A code execution vulnerability exists in Microsoft Office PowerPoint, which can be exploited by an attacker to execute arbitrary code on a system...
PT-2026-33989
Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path C:Program FilesCivetWebCivetWeb.e...
MiracleLinux 9 : openexr-3.1.1-3.el9_7.1 (AXSA:2026-479:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-479:01 advisory. openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing CVE-2026-27622 Tenable has extracted the preceding description block...
Mozilla -- Memory safety bugs
https://bugzilla.mozilla.org/buglist.cgi?bugid=2010727%2C2019004%2C2019224%2C2019547%2C2020378%2C2022381%2C2022608%2C2022785%2C2023120%2C2023128%2C2023140%2C2023279%2C2023836%2C2023882%2C2023925%2C2023950%2C2023959%2C2023965%2C2024243%2C2024245%2C2024247%2C2024253%2C2024346%2C2024357%2C2024416%2C...
Security Vulnerabilities fixed in Thunderbird 150 — Mozilla
Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9,...
Microsoft Excel Code Execution Vulnerability (CNVD-2026-19430)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
PT-2026-33971
Name of the Vulnerable Software and Affected Versions Firefox ESR version 115.34 Firefox ESR version 140.9 Thunderbird ESR version 140.9 Firefox version 149 Thunderbird version 149 Description Memory safety bugs involving memory corruption could allow an attacker to run arbitrary code...
Debian dsa-6205 : chromium - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6205 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6205-1 [email protected]...
iTerm2 < 3.6.10 / < 3.7.0beta1 Arbitrary Code Execution (CVE-2026-41253)
The version of iTerm2 installed on the remote host is prior to 3.6.10, or prior to 3.7.0beta1. It is, therefore, affected by an arbitrary code execution vulnerability: - Displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious...