ROS-20260609-73-0026

Vulnerability of Audio/Video components: Mozilla Firefox, Firefox ESR, and Thunderbird’s email client use web codecs. This vulnerability is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

Elixir -- Denial of service via unbounded integer parsing in Version

PJUllrich reports: The Version module parses numeric version components without length limits. Untrusted input can trigger creation of arbitrary-precision integers, causing CPU and memory exhaustion...

EUVD-2026-35159

In the Linux kernel, the following vulnerability has been resolved: clk: microchip: mpfs-ccc: fix out of bounds access during output registration UBSAN reported an out of bounds access during registration of the last two outputs. This out of bounds access occurs because space is only allocated in...

frr: denial of service via crafted FlowSpec component

A flaw was found in FRRouting FRR. A remote attacker can exploit an off-by-one out-of-bounds write vulnerability in the bgpflowspecopdecode function by supplying a specially crafted FlowSpec component. This issue can lead to a Denial of Service DoS...

VMware Cloud Foundation Operations 安全漏洞

VMware Cloud Foundation Operations is a private cloud operations management platform provided by the American company VMware. There is a security vulnerability in VMware Cloud Foundation Operations. This vulnerability stems from multiple storage-based cross-site scripting vulnerabilities, which...

Server-side Request Forgery (SSRF)

Overview org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Research Repository !License: MIThttps://i...

CVE-2026-21029

Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations...

CVE-2026-21032

Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...

CVE-2026-21027

Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function...

CVE-2026-21033

Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...

CVE-2026-21026

Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information...

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell CVE-2025-55182 Next.js: CVE-2025-66478Unauthenti...

CVE-2026-9264

A cross-site scripting XSS vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window, enabling attackers to...

CVE-2026-44279

A improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to improper access control via...

CVE-2026-49189

Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations...

CVE-2026-22315

Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server...

CVE-2026-0856

Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+3230...

CVE-2026-44468

The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary...

CVE-2024-42206

HCL iReflection Third party vulnerable and outdated components issue was detected in the web application...