252 matches found
Amazon Linux 2 : oci-add-hooks, --advisory ALAS2DOCKER-2026-122 (ALASDOCKER-2026-122)
The version of oci-add-hooks installed on the remote host is prior to 0-0.10.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-122 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a...
Astra Linux - vulnerability in firefox
In some cases, JIT-compiled code might have dereferenced a wild pointer value. This could lead to an exploitable crash. This vulnerability affects Firefox versions earlier than 122...
Astra Linux - vulnerability in firefox
Memory safety bugs exist in Firefox 122. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects versions of Firefox prior to 123...
Astra Linux - vulnerability in firefox
The WebAudio OscillatorNode object was vulnerable to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox versions less than 122...
Astra Linux - vulnerability in firefox, thunderbird
A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7...
Astra Linux - vulnerability in firefox, thunderbird
A Linux user who opened the print preview dialog box could have caused the browser to crash. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7...
CVE-2025-61624
creationtimestamp | type | source
---|---|---
2026-04-14 04:00:00+00:00 | exploited | https://fortiguard.fortinet.com/psirt/FG-IR-26-122...
PT-2026-21564
Name of the Vulnerable Software and Affected Versions: free5GC go-upf versions prior to 1.2.8. Description: The go-upf component of free5GC, a User Plane Function (UPF) implementation for 5G networks, contains a Heap-based Buffer Overflow. A specially crafted PFCP Session Modification Request with an...
Next.js - Critical - Access bypass - SA-CONTRIB-2025-122
This module enables integration between Next.js and Drupal for headless CMS functionality. When installed, the module automatically enables cross-origin resource sharing (CORS) with insecure default settings Access-Control-Allow-Origin: , overriding any services.yml CORS configuration. This allows...
Fortinet FortiWeb Pre-authentication DoS attack in OpenSSH - CVE-2025-26466 (FG-IR-25-122)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-122 advisory. - A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memor...
Malicious code in riyanto-122 (npm)
Source: amazon-inspector d5e7d3edbf65a44f158f66ac57ca605601a05c017d8ebc6e0bf846884dd073fe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-57740
CVE-2025-57740 describes a heap-based buffer overflow (CWE-122) in FortiOS (multiple branches) and FortiPAM/FortiProxy, where an authenticated user may cause code execution via crafted RDP bookmark requests. Affected: FortiOS 7.6.2 and below, 7.4.7 and below, 7.2.10 and below, 7.0 all versions, 6...
A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122.
...
The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122.
...
OSV-2025-619 Heap-buffer-overflow in webvtt_domnode_SelectNodesInTree
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437537868 Crash type: Heap-buffer-overflow READ 1 Crash state: webvtt_domnode_SelectNodesInTree webvtt_domnode_SelectNodesInTree webvtt_domnode_SelectNodesInTree...
Linux Distros Unpatched Vulnerability : CVE-2024-1553
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that...
Linux Distros Unpatched Vulnerability : CVE-2024-0753
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird...
Linux Distros Unpatched Vulnerability : CVE-2024-0749
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A phishing site could have repurposed an about: dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox...
Linux Distros Unpatched Vulnerability : CVE-2024-0747
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy...
Linux Distros Unpatched Vulnerability : CVE-2024-0742
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent...