PT-2026-48569

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 6.9.13-50 ImageMagick versions prior to 7.1.2-25 Description A missing check for maximum memory request in the AcquireAlignedMemory function can trigger an out-of-memory condition, leading to a denial of service...

Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now

Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2026-11645 CVSS score: 8.8, has been described as an out-of-bounds memory access in V8, Chrome's JavaScript and...

firefox: thunderbird: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort som...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability caused by excessive memory access in the Skia component. This vulnerability could allow remote attackers to execute arbitrary code within a sandbox through...

CVE-2026-9893

An use after free flaw was found in the Skia component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513972075...

USN-8346-1: Texmaker vulnerabilities

It was discovered that the vendored LibTIFF in Texmaker incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code...

USN-8345-1 gdal vulnerability

It was discovered that the vendored LibTIFF in GDAL incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code...

Astra Linux - уязвимость в linux, linux-5.10

A memory flaw after deallocation was discovered in the Linux kernel’s garbage collection for Unix domain socket file handlers. This flaw occurs when users call close and fget simultaneously, potentially triggering a race condition. This flaw allows a local user to crash the system or escalate the...

ROS-20260520-73-0029

A vulnerability in the Blink rendering engine of Google Chrome and Microsoft Edge browsers is related to reading outside of the allowed range in memory. Exploitation of the vulnerability could allow an attacker acting remotely to affect the confidentiality, integrity and availability of protected...

CVE-2026-8507

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds OOB write flaws. When parsing a PKCS12 file, with a = 1 GiB OCTET STRING or BIT STRING attribute on a SAFEBAG, via info or infoashash, a heap out-of-bounds write would be triggered with remote-code-execution potential RCE du...

CVE-2026-28902

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash...

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple watchOS is an operating system for smart watches. Several Apple products have security vulnerabilities; these...

Apple多款产品 安全漏洞

Apple iOS and other products are owned by the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

Astra Linux - уязвимость в linux

A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down usually due to Secure Boot guest system running on top of PowerVM or KVM hypervisors pseries platform a root like local user could use this flaw to further increase their privileges to...

9-Year-Old Linux Kernel Vulnerability “Copy Fail” Enables Full Root Access

Linux Kernel Vulnerability “Copy Fail” lets attackers gain root access via memory flaw. Patch now or disable algifaead to stay secure...

firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Uninitialized memory in the Graphics: Canvas2D component...

USN-8166-1 retroarch vulnerability

It was discovered that RetroArch did not correctly handle certain memory operations, which could lead to a buffer overflow. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary...

Microsoft Edge (Chromium) < 146.0.3856.62 (CVE-2026-3909)

The version of Microsoft Edge installed on the remote Windows host is prior to 146.0.3856.62. It is, therefore, affected by a vulnerability as referenced in the March 16, 2026 advisory. - Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out ...

Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2026-1518)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2026-20050

The CVE-2026-20050 affects Cisco Secure Firewall Threat Defense (FTD) Software, specifically the Do Not Decrypt exclusion feature in the SSL decryption function. The issue arises from improper memory management when inspecting TLS 1.2 encrypted traffic, allowing an unauthenticated, remote attacke...