CVE-2026-5735

Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird...

CVE-2026-5734

CVE-2026-5734 involves memory safety bugs in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1, and Thunderbird 149.0.1. These bugs include memory corruption evidence and are associated with potential arbitrary code execution if exploited. Affected products include Firefox < 149.0....

CVE-2026-5734

Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was...

CVE-2026-5731 Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2

Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

CVE-2026-5731

Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

CVE-2026-5731

CVE-2026-5731 refers to memory-safety bugs across Mozilla Firefox/Thunderbird products. The initial entry lists memory corruption possibilities in Firefox ESR 115.34.0 and 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1, and Thunderbird 149.0.1, with fixes in Firefox 149.0.2, Firefox ESR 115.34...

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...

RLSA-2026:5602 Moderate: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via 'helpfile' option processing CVE-2026-25749 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

An update is available for gstreamer1-plugins-bad-free, gstreamer1-plugins-good, gstreamer1-plugins-ugly-free, gstreamer1-plugins-base. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

vim security update

An update is available for vim. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Vim Vi IMproved is an updated and improved version of the vi editor. Security...

freerdp security update

An update is available for freerdp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released...

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

freerdp: FreeRDP: Arbitrary code execution via heap out-of-bounds write in RLE planar decode path

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap out-of-bounds write vulnerability in the planardecompressplanerle function. This vulnerability allows the server to write past the end of a temporary buffer, potentiall...

Arbitrary Code Injection

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Arbitrary Code Injection over the /api/jolokia MBeans interface. A user can execute arbitrary code on the broker's JVM by invoking operations with ...

GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling

A flaw was found in GStreamer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. The flaw exists within the handling of palette data in AVI files, where a lack of proper validation of user-supplied data can lead to an integer overflow...

freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...

vim: Vim: Arbitrary code execution via 'helpfile' option processing

A flaw was found in Vim, an open source, command line text editor. This heap buffer overflow vulnerability exists in the tag file resolution logic when processing the 'helpfile' option. A local user could exploit this by providing a specially crafted 'helpfile' option value, leading to a heap...

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...

vim: Vim: Arbitrary code execution via command injection in glob() function

A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings...