2550 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-8093
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these coul...
pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image
A flaw was found in the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure...
CVE-2026-41689 Wallos: Shared local webhook allowlist lets low-privilege users send arbitrary requests to allowlisted internal services
Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the webhook notification feature reuses an administrator-configured local-target allowlist for every logged-in user. Any normal user can fully control a webhook URL, headers, and body, then use...
USN-8241-1 coin3 vulnerabilities
It was discovered that Expat, vendored in Coin3D, incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code...
PT-2026-39181
Andrew Nesbitt discovered that opam did not properly validate file destination paths in package install files. An attacker could use this issue to bypass sandbox protections and write files to arbitrary locations, possibly leading to arbitrary code execution...
Security Vulnerabilities fixed in Firefox ESR 140.10.2 — Mozilla
Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
RHCOS 4 : OpenShift Container Platform 4.8.31 (RHSA-2022:0483)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0483 advisory. - jenkins: no POST request is required for the endpoint handling manual build requests, which could result in CSRF (CVE-2022-20612) -...
PT-2026-37257
Name of the Vulnerable Software and Affected Versions: Kimai versions 2.27.0 through 2.53.x. Description: Users with ROLE_USER privileges can create a tag containing a formula string such as =SUM(54+51) via the 'POST /api/tags' endpoint and assign it to a timesheet. The ArrayFormatter.formatValue...
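The Kimai entry above describes user-controlled tag text reaching a spreadsheet export without being neutralized. The block below is an added example, not Kimai's code: it applies the standard CSV/formula-injection mitigation (a single-quote prefix on free-text cells whose first character would make a spreadsheet evaluate the cell as a formula) inside a small exporter. The trigger set follows the commonly published guidance; the rows and field names are constructed for the example.

```python
import csv
import io

# Characters that cause spreadsheet applications to treat a cell as a formula.
# Tab and carriage return are included because some importers strip them
# before deciding whether the cell starts with "=" (assumption: the usual
# published trigger list, not something taken from the Kimai advisory).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value: str) -> str:
    """Return value prefixed with a single quote if a spreadsheet would
    otherwise evaluate it; leading spaces are ignored when deciding, because
    importers commonly trim them."""
    if value and value.lstrip(" ").startswith(FORMULA_TRIGGERS):
        return "'" + value
    return value


def export_rows(rows: list[dict], fields: list[str]) -> str:
    """Serialise rows to CSV, neutralizing every free-text cell.
    Quoting all fields does NOT stop formula evaluation on its own; the
    prefix does."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fields, quoting=csv.QUOTE_ALL)
    writer.writeheader()
    for row in rows:
        writer.writerow({f: neutralize_cell(str(row.get(f, ""))) for f in fields})
    return buf.getvalue()


# Constructed timesheet rows: the second tag is the kind of payload the
# advisory describes, stored verbatim through a tag-creation endpoint.
SAMPLE_ROWS = [
    {"description": "standup", "tags": "meeting"},
    {"description": "review", "tags": "=SUM(54+51)"},
]

if __name__ == "__main__":
    print(export_rows(SAMPLE_ROWS, ["description", "tags"]))
```

Apply the prefix only to columns that are genuinely free text (descriptions, tag names, customer names); numeric columns such as durations should be emitted as typed numbers by the export layer rather than passed through this function, because a legitimate "-1" would otherwise be turned into text.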
GHSA-Q4PH-8X8G-95F8 AzuraCast Vulnerable to Liquidsoap Code Injection via Incomplete cleanUpString-to-toRawString Migration in Remote Relay Password Field
Summary: The cleanUpString method in ConfigWriter.php uses an ungreedy regex to strip Liquidsoap string interpolation patterns ... from user input. This regex can be bypassed via nested interpolation syntax EXPR, allowing injection of arbitrary Liquidsoap code. Commit ff49ef4 migrated most...
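The AzuraCast entry above turns on a common sanitizer mistake: a single pass of an ungreedy "strip the dangerous pattern" regex can leave behind characters that reassemble into the pattern it just removed. The block below is an added example, not AzuraCast's code; it assumes Liquidsoap interpolation is written `#{expr}` and uses a constructed payload, since the advisory's exact regex and payload are not reproduced on the page. It contrasts the single-pass strip with a strip-to-fixpoint check.

```python
import re

# Assumption: Liquidsoap string interpolation is #{expr}. The ungreedy ".*?"
# stops at the first closing brace, which is what the advisory describes.
INTERP = re.compile(r"#\{.*?\}")


def strip_once(value: str) -> str:
    """Single-pass removal: the behaviour the advisory calls out."""
    return INTERP.sub("", value)


def strip_to_fixpoint(value: str) -> str:
    """Repeat the removal until the string stops changing, so that deleting
    one match can never expose a new one."""
    while True:
        stripped = INTERP.sub("", value)
        if stripped == value:
            return stripped
        value = stripped


def is_clean(value: str) -> bool:
    """A value is safe to embed only if no interpolation opener survives."""
    return "#{" not in value


# Constructed payload: removing the inner "#{x}" leaves "#" and "{...}"
# adjacent, which forms a live interpolation in the generated config.
PAYLOAD = '##{x}{system("id")}'

if __name__ == "__main__":
    print("single pass  :", strip_once(PAYLOAD), "clean?", is_clean(strip_once(PAYLOAD)))
    print("to fixpoint  :", repr(strip_to_fixpoint(PAYLOAD)), "clean?", is_clean(strip_to_fixpoint(PAYLOAD)))
```

Even the fixpoint version is a blacklist that silently mangles a password containing `#{`; the advisory's own title points at the sounder approach, emitting the value through a raw-string writer so the config never interprets it, and that is what a reviewer should ask for rather than a stronger regex.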
Astra Linux – Vulnerability in Vim
Buffer over-read in the grab_file_name function in the GitHub repository vim/vim prior to 8.2.4956. This vulnerability may crash the software, modify memory, and potentially allow remote code execution...
libtiff security update
An update is available for libtiff. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libtiff packages contain a library of functions for manipulating Tagged...
[SECURITY] [DSA 6239-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6239-1 security@debian.org https://www.debian.org/security/ Andres Salomon May 01, 2026 https://www.debian.org/security/faq -...
CVE-2026-6644
A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary code on the underlying operating system. This occurs due to insufficient validation of user-supplied...
JLSEC-2026-293
HDF5 through 1.14.3 contains a heap buffer overflow in H5HG__cache_heap_deserialize, resulting in corruption of the instruction pointer and causing denial of service or potential code execution...
Linux Distros Unpatched Vulnerability : CVE-2026-7323
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with...
CVE-2026-41384
OpenClaw prior to 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows malicious workspace configs to inject environment variables into the spawned backend process, enabling code execution or sensitive data exposure. Affected package: openclaw (...
CVE-2026-41525
A flaw was found in KDE Dolphin. This vulnerability allows applications operating within a Flatpak or AppArmor sandbox to bypass security restrictions. By exploiting the FileManager1 protocol, a malicious application can prompt users to open files, including scripts or executables, located outsid...
CVE-2025-60889
Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or cause other unspecified impacts...
EUVD-2026-26003
KDE Dolphin before 25.12.3 allows applications in a Flatpak or with AppArmor confinement to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or...
PT-2026-35754
NVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker may cause deserialization of untrusted data by sending a malicious FOBS-encoded message. A successful exploit of this vulnerability might lead to code execution...