Debian dsa-6205 : chromium - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6205 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6205-1 [email protected]...

iTerm2 < 3.6.10 / < 3.7.0beta1 Arbitrary Code Execution (CVE-2026-41253)

The version of iTerm2 installed on the remote host is prior to 3.6.10, or prior to 3.7.0beta1. It is, therefore, affected by an arbitrary code execution vulnerability: - Displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious...

Microsoft Excel Code Execution Vulnerability (CNVD-2026-19429)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

(0Day) aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the allowed commands list. The issue results from the lack of proper...

CivetWeb 代码问题漏洞

CivetWeb is an open-source web server developed by Civetweb, designed to be easy to use, powerful, and capable of being embedded in C/C++. It offers optional support for CGI, SSL, and Lua. Version 1.16 of CivetWeb contains a code vulnerability. This vulnerability stems from search paths in servic...

Mozilla Firefox和Mozilla Thunderbird 安全漏洞

Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. This software supports IMAP and POP email...

RockyLinux 9 : openexr (RLSA-2026:8888)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:8888 advisory. openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing CVE-2026-27622 Tenable has extracted the preceding description block direct...

Security Vulnerabilities fixed in Thunderbird 140.10 — Mozilla

Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety...

Microsoft Office Code Execution Vulnerability (CNVD-2026-19434)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion...

SUSE CVE-2026-32107

xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary co...

kernel: Linux kernel: Use-after-free in bonding module can cause system crash or arbitrary code execution

A flaw was found in the Linux kernel's bonding module. This use-after-free vulnerability occurs when a new slave device is added to the bonding array but fails during the enslave process. A local attacker can exploit this by triggering the enslave failure, which may lead to a system crash,...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the kissfftndralloc function due to improper allocation size calculation when handling crafted dimension values. An attacker can execute arbitrary code or cause a denial of service by supplying speciall...

CVE-2026-25917

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

EUVD-2026-23879

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, contain an OS command injection vulnerability. A high privileged attacker...

CVE-2026-26951

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflow vulnerability. A high privileged attacker with local access could potentially exploit this...

Security update for libpng15

This update for libpng15 fixes the following issues: CVE-2026-34757: use-after-free in pngsetPLTE, pngsettRNS and pngsethIST can lead to information disclosure and data corruption bsc1261957. CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE can lead to arbitrary co...

Arbitrary Code Injection

Overview sglang is a SGLang is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Arbitrary Code Injection via the reranking endpoint when a model file containing a malicious tokenizer.chattemplate is loaded, due to...

libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for...

CVE-2026-40342

A flaw was found in Firebird, an open-source relational database management system. An authenticated user with CREATE FUNCTION privileges can exploit a path traversal vulnerability in the external engine plugin loader. This allows an attacker to use a crafted engine name to load an arbitrary shar...