206304 matches found
CVE-2026-12311
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure, sandbox escape in the Security: Process Sandboxing component...
CVE-2026-12310
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...
CVE-2026-12309
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...
CVE-2026-12308
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...
CVE-2026-12307
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...
CVE-2026-12306
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...
CVE-2026-12305
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...
CVE-2026-12302
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...
CVE-2026-12304
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: Cookies component...
CVE-2026-49759
A flaw was found in Erlang OTP Open Telecom Platform erts, specifically within the inetdrv component. An unauthenticated remote attacker can exploit a stack-based buffer overflow vulnerability by sending a specially crafted Stream Control Transmission Protocol SCTP ERROR chunk. This can lead to a...
CVE-2026-12329
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...
CVE-2026-12328
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory...
CVE-2026-12298
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Firefox ESR 140.12...
CVE-2026-12299
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the DOM: Core & HTML component...
CVE-2026-12297
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Networking component...
CVE-2026-12296
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the Security: Process Sandboxing component...
CVE-2026-12295
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the DOM: Navigation component...
CVE-2026-12294
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the DOM: Workers component...
CVE-2026-12292
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Web Audio component...
CVE-2026-12291
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Networking: HTTP component...
CVE-2026-12290
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...
CVE-2026-12289
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Graphics: WebRender component...
CVE-2026-46448
A flaw was found in OpenStack Nova. The server creation application programming interface API fails to remove specific hint data, leading to instances being created without proper Placement allocation. This can result in a denial of service, as resources may not be correctly assigned or managed f...
CVE-2026-12515
A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficient authorization checks in the ContentUploadsController allowed users with the editproducts permission to query content information for repositories outside the products they were authorized to...
CVE-2026-48776
A flaw was found in the LangGraph Python SDK. This vulnerability allows a remote attacker with low privileges to manipulate URL paths by providing unsanitized input. This could result in unintended access, modification, or deletion of resources, potentially compromising data confidentiality and...
CVE-2026-12528
A flaw was found in 389 Directory Server in the aclpnormalizeacltxt function of aclparse.c. A malformed ACI Access Control Instruction string can trigger heap-buffer-overflow writes and reads during ACI parsing. The function fails to validate that the ACI keyword has sufficient length after...
CVE-2026-12199
A flaw was found in the nltk component, specifically in the nltk.app.wordnetapp. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted GET request to the WordNet Browser HTTP server when it is running in its default mode. This allows the attacker to...
CVE-2026-50559
A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure...
CVE-2026-48775
A flaw was found in LangGraph. This vulnerability allows an attacker with high privileges and adjacent network access to modify checkpoint data. By manipulating these stored checkpoint bytes, an attacker can trigger insecure deserialization, leading to arbitrary code execution when the checkpoint...
CVE-2026-50632
A flaw was found in Apache CXF. This vulnerability, stemming from an incomplete fix for a previous issue, allows untrusted users who can configure Java Message Service JMS for Apache CXF to achieve arbitrary code execution. This could lead to a complete compromise of the affected system. Mitigati...
CVE-2026-12491
A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...
CVE-2026-46286
A flaw was found in the Linux kernel's qcom-lpg LED driver. This vulnerability, an array overflow, occurs when the driver attempts to select high-resolution values. Due to incorrect indexing, the system may read random data from memory, which could lead to information disclosure or unpredictable...
CVE-2026-7774
A flaw was found in the tarfile.datafilter function within the Python tarfile module. A remote attacker could exploit this vulnerability by providing a specially crafted tar archive containing malicious link entries, such as symlinks with empty or directory-like names. This bypass allows the...
CVE-2026-48782
A flaw was found in Pydantic AI, where its cloud-metadata blocklist could be bypassed. This vulnerability allows an attacker to expose cloud IAM Identity and Access Management short-term credentials. The bypass occurs when an application using Pydantic AI is configured to allow local file downloa...
CVE-2026-49218
A flaw was found in ImageMagick. A missing check in the DCM Digital Imaging and Communications in Medicine decoder allows a remote attacker to provide a specially crafted image with invalid dimensions. This can lead to crashes in other operations, resulting in a denial of service DoS for the...
CVE-2026-53460
A flaw was found in ImageMagick. A remote attacker could exploit a missing check for maximum memory requests in the AcquireAlignedMemory function, leading to an out-of-memory condition. This vulnerability could result in a Denial of Service DoS, making the affected system or application...
CVE-2026-53461
A flaw was found in ImageMagick. An incorrect loop in the ICON decoder can lead to an out-of-bounds heap write. This vulnerability allows a remote attacker to cause a denial of service DoS by providing a specially crafted image file, leading to a system crash. Mitigation Red Hat is not aware of a...
CVE-2026-53441
A flaw was found in Jenkins. This vulnerability, a stored cross-site scripting XSS issue, allows attackers with Agent/Configure permission to inject malicious scripts into the user-provided description of a generic offline cause. When other users view this description, the injected script can...
CVE-2026-48858
A flaw was found in Erlang/OTP's FTP File Transfer Protocol client, specifically within the ftpinternal module. A remote attacker, by operating a malicious or compromised FTP server, could exploit an unvalidated IP address in the server's passive mode PASV response. This vulnerability, known as...
CVE-2026-46331
A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...
CVE-2026-10649
A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacker can cause memory corruption, leading to a denial...
CVE-2026-12398
A command injection vulnerability was found in galaxyng. The dogitcheckout function in the legacy role import API v1 interpolates unsanitized git ref names branch/tag names into shell commands executed via subprocess.run with shell=True. An authenticated user who controls a git repository can...
CVE-2026-54421
A flaw was found in OpenStack Ironic. When an authorized user applies a PATCH operation to update volume properties, the system can inadvertently expose sensitive information, such as iSCSI credentials. This information disclosure vulnerability allows an attacker to gain access to credentials tha...
CVE-2026-6039
A flaw was found in LibreOffice. This vulnerability, a heap buffer overflow, occurs when processing specially crafted DXF Drawing Exchange Format polyline files. An attacker could exploit this by convincing a user to open a malicious DXF file, which may lead to a denial of service DoS due to...
CVE-2026-10275
A flaw was found in OpenSC, specifically within the pkcs11-tool Key Generation Module. This vulnerability, located in the testkpgencertwrite function, is a buffer overflow that can be triggered remotely. A remote attacker could exploit this flaw, potentially leading to information disclosure, dat...
CVE-2026-46655
A flaw was found in virtio-win. A low-integrity process can issue an IOCTL request to viosock.sys!VIOSockSelect with a maliciously crafted request that causes an integer overflow. This allows the process to circumvent bounds checking, resulting in a heap overflow in the NonPagedPool kernel heap...
CVE-2026-54411
A flaw was found in Linux-PAM's pamuserdb module. This vulnerability, categorized as an Observable Timing Discrepancy CWE-208, allows a local or network-adjacent attacker to recover plaintext passwords. By repeatedly attempting authentication and measuring response-timing differences during...
CVE-2026-53438
A flaw was found in Jenkins. A missing permission check allows an attacker, who has 'Item/Cancel' permission but lacks 'Item/Read' permission, to cancel queue items they are not authorized to view. This could lead to unauthorized disruption of queued tasks within Jenkins...
CVE-2026-54133
jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP data structures. Versions prior to 2.9.1 can generate and execute attacker-controlled PHP code when JmesPath\CompilerRuntime is used with an...
CVE-2026-6045
A flaw was found in LibreOffice. A heap buffer overflow exists when importing EMF+ graphics, which may be embedded in documents. An attacker could exploit this by convincing a user to open a specially crafted document. This could lead to denial of service or memory corruption, potentially allowin...