ALSA-2026:6259 Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer:...

KLA90963 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in CSS can be exploited to cause denial of service or execute...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : GStreamer Base Plugins vulnerability (USN-8130-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8130-1 advisory. It was discovered that GStreamer Base Plugins incorrectly handled certain AVI media files. A remote attacker could use this issue to cause...

CVE-2026-30290

CVE-2026-30290 affects InTouch Contacts & Caller ID APP v6.38.1. The flaw is an arbitrary file overwrite via the file import process, enabling overwrite of critical internal files and potentially enabling arbitrary code execution or information exposure. All sources consistently describe the vuln...

Linux kernel memory misreference vulnerability (CNVD-2026-16038)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from a mix-up in the instruction responsible for freeing memory. An attacker could explo...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Pillow vulnerabilities (USN-8135-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8135-1 advisory. It was discovered that Pillow did not correctly handle reading J2K files, which could lead to an out-of- bounds read vulnerabilit...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a confusion in the instructions responsible for freeing memory in the Web MIDI component. An attacker coul...

Funambol Zefiro Cloud 安全漏洞

Funambol Zefiro Cloud is a cloud platform provided by the US-based Funambol company, capable of integrating mobile data synchronization with cloud services. Version 32.0.2026011614 of Funambol Zefiro Cloud contains a security vulnerability. This vulnerability stems from an arbitrary file...

Memory Misreference Vulnerability in Multiple Mozilla Products (CNVD-2026-16999)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A memory misreference vulnerability exists in multiple Mozilla products,...

CVE-2026-30281

An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

Multiple Mozilla Products Resource Management Error Vulnerability (CNVD-2026-16998)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A resource management error vulnerability exists in multiple Mozilla...

Zora 安全漏洞

Zora is a blockchain platform developed by Zora Company, designed for the issuance and trading of digital assets. Version 2.60.0 of Zora contains a security vulnerability. This vulnerability stems from an issue with arbitrary file overwriting during the file import process, which could lead to...

VulnCheck KEV: CVE-2026-3502

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code...

Code Execution Vulnerability in Multiple Mozilla Products (CNVD-2026-19989)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products, whic...

KLA90960 ACE vulnerability in Microsoft Browser

Use after free vulnerability was found in Microsoft Browser. Malicious users can exploit this vulnerability to execute arbitrary code, cause denial of service. Original advisories CVE-2026-4676 Exploitation Related products Microsoft-Edge CVE list CVE-2026-4676 critical Solution Install necessary...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 146.0.7680.178 contained a security vulnerability that stemmed from the reuse of CSS elements after they were released. This vulnerability could allow arbitrary code to be executed within a sandbox through...

ROS-20260331-73-0001

A vulnerability in the Wheel file manipulation command line tool is related to an incorrect directory path name restriction. Exploitation of the vulnerability could allow an attacker to escalate privileges or execute arbitrary code...

CVE-2026-30277

An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

Code execution vulnerability in multiple Mozilla products (CNVD-2026-17002)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in several Mozilla products. The...

Foxit Reader List Box Calculate Array Use-After-Free Vulnerability

Talos Vulnerability Report TALOS-2026-2365 Foxit Reader List Box Calculate Array Use-After-Free Vulnerability March 31, 2026 CVE Number CVE-2026-3779 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader handles an Array object. A specially crafted JavaScript code inside a malicio...