3782 matches found
CVE-2026-24869
Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability was fixed in Firefox 147.0.2...
CVE-2026-24869
CVE-2026-24869 documents a Use-after-free in Firefox’s Layout: Scrolling and Overflow component, affecting Firefox versions earlier than 147.0.2. The vulnerability is described in multiple sources as a use-after-free issue with potential impact to memory safety in that UI/layout area. Nessus/Free...
[SECURITY] Fedora 43 Update: mingw-harfbuzz-11.5.1-2.fc43
HarfBuzz is an implementation of the OpenType Layout engine...
PT-2026-4958
Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability affects Firefox 147.0.2...
KLA90858 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Layout: Scrolling and Overflo...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a code execution vulnerability due to a use-after-free in the Layout: Scroll and Overflow component. An attacker can exploit this vulnerability to execute arbitrary code...
Security Vulnerabilities fixed in Firefox 147.0.2 — Mozilla
CVE-2026-24868: Mitigation bypass in the Privacy: Anti-Tracking component Reporter Masato Kinugawa Impact moderate References Bug 2007302 CVE-2026-24869: Use-after-free in the Layout: Scrolling and Overflow component Reporter Hiroyuki Ikezoe Impact high References Bug 2008698...
Firefox -- Multiple vulnerabilities
https://bugzilla.mozilla.org/show_bug.cgi?id=2007302 reports: Mitigation bypass in the Privacy: Anti-Tracking component. Use-after-free in the Layout: Scrolling and Overflow component...
[SECURITY] Fedora 42 Update: mingw-harfbuzz-10.2.0-3.fc42
HarfBuzz is an implementation of the OpenType Layout engine...
CVE-2026-23763
VB-Audio Matrix and Matrix Coconut contain a local privilege escalation in the VBMatrix VAIO virtual audio driver (vbmatrixvaio64*_win10.sys) for versions ending in 1.0.2.2 and 2.0.2.2 and earlier. The driver allocates a 128-byte non-paged pool buffer; on IOCTL 0x222060 it maps that buffer into u...
CVE-2026-22801
A flaw was found in libpng, a reference library for PNG (Portable Network Graphics) raster image files. An integer truncation vulnerability exists in the png_write_image_16bit and png_write_image_8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row...
MiracleLinux 7 : kernel-3.10.0-693.el7 (AXSA:2017-1758:07)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1758:07 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security issues fixed with this release: CVE-2016-10200...
[SECURITY] Fedora 43 Update: harfbuzz-11.5.1-2.fc43
HarfBuzz is an implementation of the OpenType Layout engine...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001273)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001273 advisory. The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because install_exec_creds is called too late in load_elf_binary in...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001290)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001290 advisory. The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003650)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003650 advisory. The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because install_exec_creds is called too late in load_elf_binary in...
CVE-2025-67246
A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a lack of access control in the IOCTL handler. This driver exposes a device interface accessible to a normal user and handles attacker-controlled structures containing the lower 4GB of physical addresse...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002649)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002649 advisory. The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier fo...
EUVD-2026-2755
A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a lack of access control in the IOCTL handler. This driver exposes a device interface accessible to a normal user and handles attacker-controlled structures containing the lower 4GB of physical addresse...