1086646 matches found
[SECURITY] [DSA 6351-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6351-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 18, 2026 https://www.debian.org/security/faq -...
Unsafe Dependency Resolution
Overview @theia/ai-code-completion is a Theia - AI Core Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by...
Unsafe Dependency Resolution
Overview @theia/ai-claude-code is a Theia - Claude Code Integration Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions...
EUVD-2026-37930
In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution...
CVE-2026-12390
CVE-2026-12390 affects AzeoTech DAQFactory versions 21.1 and prior. A Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files to achieve code execution. The available documents confirm the affected product and the underlying flaw mechanism, but do not provi...
CGA-4MWV-6XRJ-9CG9
Bulletin has no description...
CGA-CCX4-RJJQ-H4H8
Bulletin has no description...
Updated gstreamer1.0-plugins-bad, gstreamer1.0-plugins-base, gstreamer1.0-plugins-good & gstreamer1.0-plugins-ugly packages fix security vulnerabilities
CVE-2026-2921, GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability CVE-2026-2923.GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability CVE-2026-3082, GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability CVE-2026-308...
Security Bulletin: MySQL 0-day exploit (CVE-2016-6662)
Question Security Bulletin: MySQL 0-day exploit CVE-2016-6662 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All Versions","Edition":"","Line of...
Security Bulletin: Vulnerability with the open source Perl Compatible Regular Expression (PCRE) library used in IBM Aspera Shares 1.9.2 and earlier
Question Security Bulletin: Vulnerability with the open source Perl Compatible Regular Expression PCRE library used in IBM Aspera Shares 1.9.2 and earlier "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM...
Security Bulletin: Multiple vulnerabilities Perl Compatible Regular Expression (PCRE) libraries - IBM Aspera Shares Application
Question Security Bulletin: Multiple vulnerabilities with the open source Perl Compatible Regular Expression PCRE libraries used in IBM Aspera Shares Application "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM...
F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution
F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected systems. The vulnerabilities are listed below - CVE-2026-42530 CVSS v4 score: 9.2 - A use-after-free vulnerability in the ngxhttpv3module that...
CVE-2026-42530
A flaw was found in the ngxhttpv3module module of NGINX. When NGINX is configured to use the HTTP/3 QUIC module, an attacker can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream and cause a use-after-free issue, potentially allowing code execution or a denial of service by...
Critical Unauthenticated Arbitrary File Deletion Vulnerability Patched in Avada Builder WordPress Plugin
On May 13th, 2026, we received a submission for a critical Unauthenticated Arbitrary File Deletion vulnerability in Avada Builder, a premium WordPress plugin with an estimated 1,000,000 active installations. This vulnerability makes it possible for unauthenticated attackers to delete arbitrary...
USN-8454-1: libheif vulnerabilities
Elhanan Haenel discovered that libheif incorrectly handled certain malformed HEIF sequence files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. CVE-2026-32738 Elhanan Haenel discovered that libheif incorrectly...
USN-8454-1 libheif vulnerabilities
Elhanan Haenel discovered that libheif incorrectly handled certain malformed HEIF sequence files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. CVE-2026-32738 Elhanan Haenel discovered that libheif incorrectly...
CVE-2026-10687
This CVE Record has been rejected by the Zephyr Project CNA. Subsequent analysis, confirmed with the fix author, determined that the addressed defect does not apply to any released version of Zephyr: the affected code path exists only in unreleased development code, and no released branch is...
CVE-2025-27511
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution RCE. Version 2.27.0 fixes...
USN-8451-1 vim vulnerabilities
Srinivas Piskala Ganesh Babu discovered that Vim incorrectly handled directory names when serializing browsed paths to the netrw history file. An attacker could possibly use this issue to execute arbitrary code. CVE-2026-47162 It was discovered that Vim incorrectly handled step-definition pattern...
EUVD-2026-37904
Hermes WebUI before 0.51.468 contains a resource exhaustion vulnerability in the unauthenticated POST /api/onboarding/oauth/start endpoint that allows unbounded accumulation of in-memory flow state and daemon threads. Attackers can send repeated or concurrent requests to exhaust server memory and...