Gravity 安全漏洞

Gravity is a powerful, dynamically typed, lightweight, and embeddable programming language developed by Marco Bambini individually. It is used for procedural programming, object-oriented programming, functional programming, and data-driven programming. Versions of Gravity prior to 0.9.6 contained...

RockyLinux 10 : openexr (RLSA-2026:7682)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:7682 advisory. openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing CVE-2026-27622 Tenable has extracted the preceding description block...

PT-2026-33221

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity vm exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravity fiber reassi...

Google Chrome Media Component Out-of-Bounds Read Vulnerability

Google Chrome is a web browser developed by Google. An out-of-bounds read vulnerability exists in the Media component of Google Chrome. The vulnerability stems from a failure of the Media component to properly handle certain UI gestures and can be exploited by an attacker to execute arbitrary cod...

Snowflake Cortex Code CLI 安全漏洞

Snowflake Cortex Code CLI is an open-source command-line development tool provided by Snowflake. Versions of Snowflake Cortex Code CLI prior to 1.0.25 contained security vulnerabilities. These vulnerabilities were due to improper validation of bash commands, which could allow attackers to execute...

Google Chrome Cast Memory Misreference Vulnerability

Google Chrome is a web browser developed by Google. Google Chrome suffers from a memory misreference vulnerability. The vulnerability stems from a failure of the Cast component to properly handle memory objects and can be exploited by an attacker to execute arbitrary code via a specially crafted...

Simopro WinMatrix 安全漏洞

Simopro WinMatrix is an industrial control software developed by Simopro Company in Taiwan, China. Simopro WinMatrix has a security vulnerability that stems from the lack of authentication, which may allow for the execution of arbitrary code...

Google Chrome Permissions Component Memory Misreference Vulnerability

Google Chrome on Android is an American web browser for Android by Google. A memory misreference vulnerability exists in the Google Chrome Permissions component, which can be exploited by an attacker to execute arbitrary code via specially crafted HTML pages...

PT-2026-33248

Name of the Vulnerable Software and Affected Versions WinMatrix agent affected versions not specified Description A missing authentication flaw allows authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine. This issue can lead to privilege escalation...

IBM Langflow Desktop Deserialization Vulnerability

IBM Langflow Desktop is an AI process orchestration desktop application from International Business Machines IBM. A deserialization vulnerability exists in IBM Langflow Desktop versions 1.8.2 and earlier. The vulnerability stems from an insecure default setting that allows deserialization of...

Google Chrome Turbofan Type Obfuscation Vulnerability

Google Chrome is a web browser developed by Google. A type confusion vulnerability exists in Google Chrome's Turbofan compiler. The vulnerability stems from Turbofan's failure to properly handle types in certain JavaScript code, which can be exploited by an attacker to execute arbitrary code in t...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion...

EUVD-2026-23098

A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...

kernel: Linux kernel: Use-after-free in bonding module can cause system crash or arbitrary code execution

A flaw was found in the Linux kernel's bonding module. This use-after-free vulnerability occurs when a new slave device is added to the bonding array but fails during the enslave process. A local attacker can exploit this by triggering the enslave failure, which may lead to a system crash,...

CVE-2026-31048

An issue in the pickle protocol of Pyro v3.x allows attackers to execute arbitrary code via supplying a crafted pickled string message...

CVE-2026-6385 Ffmpeg: ffmpeg: denial of service and potential arbitrary code execution via signed integer overflow in dvd subtitle parser

A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...

CVE-2026-6385

FFmpeg vulnerability CVE-2026-6385: a signed integer overflow in the DVD subtitle parser’s fragment reassembly bounds checks can cause a heap out-of-bounds write when processing specially crafted MPEG-PS/VOB media with a malicious DVD subtitle stream. Impact includes denial of service via applica...

CVE-2026-6384 Gimp: gimp: arbitrary code execution or denial of service via buffer overflow in gif image processing

A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's ReadJeffsImage function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution...

CVE-2026-6303

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-40915

A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel...