CVE Notify
19.1K subscribers
4 photos
185K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
๐Ÿšจ CVE-2026-12161
Improper input validation in the SSH Elevate Shell feature in
Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user
with permission to create or modify a shared SSH entry to execute
arbitrary commands on a remote SSH host using stored elevation
credentials via a crafted alternate username and user interaction with
the Elevate Shell action.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-12162
Improper host validation in the social login autofill feature in
Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to
disclose stored social login credentials via a crafted web entry
pointing to a provider lookalike domain.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-1766
A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM (Comment) tags. An attacker could exploit this by providing a malicious MP3 file, leading to a denial of service (DoS), which causes an application crash, and potentially disclosing sensitive information from the heap memory.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-1767
A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length calculation during the parsing of performer tags can lead to a read beyond the allocated buffer, potentially causing a Denial of Service (DoS) due to a crash or enabling information disclosure.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-12289
Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-12298
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-12299
JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-12303
Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-12311
Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-12313
Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-12319
Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-12320
Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-12321
JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-12322
Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-12323
Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-24155
NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-24228
NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-39575
update_disk_psu_baseline.sh requires password in plain text

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-47748
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are vulnerable to an out-of-bounds reads error through PyTorch checkpoint pickle opcode parsing. The pickle .ckpt parser in src/model.cpp did not consistently check that enough input remained before reading opcode arguments or advancing the parser buffer with a crafted or truncated .ckpt file. Throughout the pickle parser, opcode handlers advanced the parser position with expressions such as buffer += N without first checking that buffer + N <= buffer_end. A truncated file could therefore cause reads past the end of the metadata buffer. LibFuzzer found crashes in under one second using malformed checkpoint inputs. Any application using affected stable-diffusion.cpp releases to load untrusted .ckpt model files could be vulnerable. The attack requires the victim or application to load a .ckpt file from an untrusted source, such as a downloaded model from a model sharing site. This issue has been fixed in version master-584-0a7ae07. If developers are unable to immediately update their applications, they can work around this issue by ensuring they do not load .ckpt checkpoint files from untrusted sources. They should prefer trusted model sources and safer formats such as .safetensors where possible.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-47749
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are vulnerable to heap buffer overflow in SHORT_BINUNICODE parsing for PyTorch checkpoint files. The pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the SHORT_BINUNICODE opcode handler. The issue was caused by sign confusion on the opcode length field. A crafted .ckpt file could trigger memcpy with a very large length derived from a negative signed value, causing immediate heap corruption. Any application using affected stable-diffusion.cpp releases to load untrusted .ckpt model files could be vulnerable. A malicious checkpoint file could cause heap corruption through memcpy with an attacker-controlled length. This may lead to process crash and could potentially be leveraged for code execution depending on heap layout. The attack requires the victim or application to load a .ckpt file from an untrusted source, such as a downloaded model from a model sharing site. The issue has been resolved in version master-584-0a7ae07. If developers are unable to immediately update their applications they can work around this issue by not loading .ckpt checkpoint files from untrusted sources, and referring to trusted model sources and safer formats such as .safetensors where possible.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2026-47927
DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

๐ŸŽ–@cveNotify