CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

CVE-2026-45447

CVE-2026-45447 is a heap use-after-free in OpenSSL PKCS7_verify triggered when SignedData digestAlgorithms is an empty ASN.1 SET, risking process crashes, heap corruption, or remote code execution. It affects applications processing PKCS#7/S/MIME with OpenSSL PKCS#7 APIs (CMS APIs are not affecte...

CVE-2026-9213 Insufficient input validation in certain NETGEAR routers

A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device...

CVE-2026-9213 Insufficient input validation in certain NETGEAR routers

A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device...

CVE-2026-0409

Summary: CVE-2026-0409 affects NETGEAR Orbi 370 series devices prior to version 12.1.2.7. A remote attacker who can intercept and tamper with traffic between the router and the Internet can trigger a remote command execution when the device administrator performs certain management actions. This ...

CVE-2026-0409 Netgear Orbi 370 Series Remote Code Execution vulnerability

A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices...

CVE-2026-0409 Netgear Orbi 370 Series Remote Code Execution vulnerability

A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices...

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 !TIP If the setup does not start, add t...

firefox: thunderbird: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort som...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a remote code execution vulnerability (CVE-2026-9311, CVE-2026-9330)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a remote code execution. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and Versions|...

CVE-2026-9279

Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name e.g. git, pandoc, grep, the argument string is concatenated with the command and passed to childprocess.spawn with the shell: true option, allowing shell...

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 !TIP If the setup does not start, add t...

CVE-2026-10520

Ivanti Sentry (formerly MobileIron Sentry) is affected by CVE-2026-10520, an OS Command Injection vulnerability that allows an unauthenticated remote attacker to execute arbitrary commands as root. The issue resides in the ConfigServiceController via the unauthenticated POST to /mics/api/v2/sentr...

Description of the security update for Excel 2016: June 9, 2026 (KB5002877)

Description of the security update for Excel 2016: June 9, 2026 KB5002877 Summary This security update resolves Microsoft Excel remote code execution vulnerability and Microsoft Excel Information Disclosure vulnerability. To learn more about the vulnerabilities, see the following security...

Remote Desktop Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

Windows Kernel Remote Code Execution Vulnerability

Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network...

Windows Kerberos Key Distribution Center (KDC) Remote Code Execution

Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network...

Microsoft Outlook and Word Remote Code Execution Vulnerability

Access of resource using incompatible type 'type confusion' in Microsoft Office allows an unauthorized attacker to execute code locally...

Microsoft Excel Remote Code Execution Vulnerability

Integer underflow wrap or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally...