CVE-2026-29111 systemd: Local unprivileged user can trigger an assert

systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this i...

CVE-2026-29111 systemd: Local unprivileged user can trigger an assert

systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this i...

CVE-2026-4476 Yi Technology YI Home Camera CGI Endpoint ipc missing authentication

A vulnerability was found in Yi Technology YI Home Camera 2 2.1.120171024151200. The impacted element is an unknown function of the file home/web/ipc of the component CGI Endpoint. Performing a manipulation results in missing authentication. Access to the local network is required for this attack...

Trend Micro Apex One Security Agent iCore Service Origin Validation Error Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

CVE-2026-25087

Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file but not an IPC stream with pre-buffering enabled, if the IPC file contains data with variadic buffers such as Binary View and String...

PT-2026-20319

Name of the Vulnerable Software and Affected Versions Apache Arrow C++ versions 15.0.0 through 23.0.0 Description A use-after-free issue exists in Apache Arrow C++ when reading an Arrow IPC file with pre-buffering enabled, if the file contains data with variadic buffers like Binary View and Strin...

firefox: thunderbird: Use-after-free in the IPC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the IPC component...

firefox: thunderbird: Use-after-free in the IPC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the IPC component...

firefox: thunderbird: Use-after-free in the IPC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the IPC component...

firefox: thunderbird: Use-after-free in the IPC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the IPC component...

firefox: thunderbird: Use-after-free in the IPC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the IPC component...

MGASA-2026-0014 Updated thunderbird packages fix security vulnerabilities

Mitigation bypass in the DOM: Security component. CVE-2026-0877 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. CVE-2026-0878 Sandbox escape due to incorrect boundary conditions in the Graphics component. CVE-2026-0879 Sandbox escape due to integer...

ROS-20260120-73-0004

A vulnerability in the ipcmsgsendrequest function of the fs/smb/server/transportipc.c module of the Linux operating system kernel is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVE-2026-23733

LobeChat is an open source chat application platform. Prior to version 2.0.0-next.180, a stored Cross-Site Scripting XSS vulnerability in the Mermaid artifact renderer allows attackers to execute arbitrary JavaScript within the application context. This XSS can be escalated to Remote Code Executi...

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: MFSA 2026-05 bsc1256340: CVE-2026-0877: Mitigation bypass in the DOM in Security component CVE-2026-0878: Sandbox escape due to incorrect boundary conditions in the Graphics in CanvasWebGL component CVE-2026-0879: Sandbox escape due t...

CVE-2026-23733

LobeChat desktop (open source) is affected by a stored XSS in the Mermaid artifact renderer prior to version 2.0.0-next.180. The XSS can be escalated to Remote Code Execution (RCE) by abusing the exposed electronAPI IPC bridge, enabling arbitrary system commands in the victim’s machine. Version 2...

firefox: thunderbird: Use-after-free in the IPC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the IPC component...

CVE-2026-0882 Use-after-free in the IPC component

Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

CVE-2025-67813

Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication...

Quest KACE Desktop Authority 安全漏洞

Quest KACE Desktop Authority is a user environment management software from Quest Corporation. A security vulnerability exists in Quest KACE Desktop Authority versions 11.3.1 and earlier, which stems from insecure named pipe permissions used for inter-process communication...