USN-8156-1 gdk-pixbuf vulnerability

It was discovered that GDK-PixBuf incorrectly handled certain JPEG files. An attacker could use this issue to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVE-2026-5208

Command injection in alerts in CoolerControl/coolercontrold 4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names...

CVE-2026-39629 WordPress Uminex theme <= 1.0.9 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes Uminex uminex allows Code Injection.This issue affects Uminex: from n/a through = 1.0.9...

CVE-2026-5735

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes...

CVE-2026-5734

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and w...

CVE-2026-5731

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of...

freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...

CVE-2026-33273

CVE-2026-33273 affects MATCHA INVOICE, versions 2.6.6 and earlier. The issue is an unrestricted upload vulnerability (CWE-434) that could allow an administrator to create arbitrary files on the server, potentially enabling arbitrary code execution. Public reports in JVN, NVD, CVE records, and thi...

CVE-2026-33273

Unrestricted upload of file with dangerous type issue exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, an arbitrary file may be created by an administrator of the product. As a result, arbitrary code may be executed on the server...

CVE-2026-27140

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass...

CVE-2026-3357

IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component...

CVE-2026-27140

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass...

GHSA-3G6G-GQ4R-XJM9 Emissary has GitHub Actions Shell Injection via Workflow Inputs

Summary Three GitHub Actions workflow files contained 10 shell injection points where user-controlled workflowdispatch inputs were interpolated directly into shell commands via $ expression syntax. An attacker with repository write access could inject arbitrary shell commands, leading to reposito...

Red Hat Quay 代码问题漏洞

Red Hat Quay is a distributed container image repository provided by the American company Red Hat. It is primarily used for building, distributing, and deploying containers. Red Hat Quay has code-related vulnerabilities. These vulnerabilities arise from the possibility of tampering with the...

XWiki Platform 安全漏洞

The XWiki Platform is an open-source wiki platform designed for creating web collaboration applications. Versions of the XWiki Platform prior to 17.4.8 and 17.10.1 contained security vulnerabilities. These vulnerabilities stemmed from inadequate protection of the script API, allowing users with...

PT-2026-31297

Name of the Vulnerable Software and Affected Versions CoolerControl/coolercontrold versions prior to 4.0.0 Description A command injection issue exists in alerts within CoolerControl/coolercontrold. Authenticated attackers can execute arbitrary code as root by injecting bash commands into alert...

Memory Corruption Vulnerability in Multiple Mozilla Products (CNVD-2026-16994)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A memory corruption vulnerability exists in multiple Mozilla products,...

Sonatype Nexus Repository 安全漏洞

Sonatype Nexus Repository is a repository manager developed by Sonatype, Inc. in the United States. It is primarily used for managing, storing, and distributing software. Versions of Sonatype Nexus Repository 3.90.2 and earlier contain security vulnerabilities. These vulnerabilities stem from...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from SWIG filenames marked with the "go" label and containing carefully crafted malicious...

TP-Link Archer AX53 安全漏洞

The TP-Link Archer AX53 is a dual-core router produced by TP-Link Corporation. Prior versions of the TP-Link Archer AX53, including v1.0, 1.7.1 Build 20260213, contained security vulnerabilities. These vulnerabilities were caused by a stack-based buffer overflow in the tmpServer module, which cou...