[SECURITY] Fedora 42 Update: python3.14-3.14.3-2.fc42

Python 3.14 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.14 package provides the "python3.14" executable:...

CVE-2026-26928

CVE-2026-26928 affects SzafirHost. The vulnerability arises because the application does not verify the hash or the vendor’s digital signature for uploaded DLL/SO/JNILIB/DYLIB files, while JARs are checked. An attacker can supply a malicious dynamic library that is saved in the user’s temp folder...

CVE-2026-26928 Lack of Dynamic Library Validation in SzafirHost

SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file hashes, and if a file was not on that list, it was checked to see if it had been digitally signed b...

CVE-2026-26928 Lack of Dynamic Library Validation in SzafirHost

SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file hashes, and if a file was not on that list, it was checked to see if it had been digitally signed b...

CVE-2026-26928

SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file hashes, and if a file was not on that list, it was checked to see if it had been digitally signed b...

CVE-2026-3780

The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the...

WhatWeb Scanner 0.6.4

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems CMS, blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different...

CVE-2026-34548

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior UB condition in the XML conversion tooling path iccToXml caused by an implicit conversion from a negative signed integer to icUInt32Number unsigned...

CVE-2026-34555

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a stack-buffer-overflow SBO in CIccTagFixedNum::GetValues and a related bug chain. The primary crash is an AddressSanitizer-reported WRITE of size 4 that overflows a...

CVE-2026-34546

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted TIFF input can trigger Undefined Behavior UB due to division by zero in the TIFF handling code paths used by iccTiffDump. This issue has been patched in version 2.3.1.6...

Astra Linux – Vulnerability in Firefox

Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, Thunderbird 140.8, and Firefox ESR 115.35...

EUVD-2026-17761

The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the...

EUVD-2026-17737

Buffer Over-read vulnerability in RTI Connext Professional Core Libraries allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3., from 4.3x before 5.2...

CVE-2026-3780

The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the...

CVE-2026-3775 Foxit PDF Editor/Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user‑writab...

CVE-2026-3775

CVE-2026-3775 affects Foxit PDF Editor/Reader (update service) and is due to the update check loading system libraries from a path that includes user-writable directories, not restricted to trusted system locations. This allows a local attacker with low privileges to place a malicious library tha...

CVE-2026-2394

Buffer Over-read vulnerability in RTI Connext Professional Core Libraries allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.2.34, from 6.0.0 before 6.0., from 5.3.0 before 5.3., from 4.3x before 5.2...

CVE-2026-2394

RTI Connext Professional (Core Libraries) contains a Buffer Over-read vulnerability (CVE-2026-2394) affecting multiple older release families: 7.4.0–7.6.x (before 7.7.0), 7.0.0–7.3.1.1, 6.1.0–6.1.x, 6.0.0–6.0.x, 5.3.0–5.3.x, and 4.3.x–5.2.x. Root cause: overread of internal buffers in the Core Li...

CVE-2026-2394

Buffer Over-read vulnerability in RTI Connext Professional Core Libraries allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3., from 4.3x before 5.2...

CVE-2026-2394 Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.

Buffer Over-read vulnerability in RTI Connext Professional Core Libraries allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.2.34, from 6.0.0 before 6.0., from 5.3.0 before 5.3., from 4.3x before 5.2...