Fedora 44 : jpegxl (2026-aa2e960a9f)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-aa2e960a9f advisory. Update to version 0.11.2. Resolves CVE-2025-12474 and CVE-2026-1837. Release notes: https://github.com/libjxl/libjxl/releases/tag/v0.11.2 Tenable ha...

CVE-2026-1837

creationtimestamp| type| source ---|---|--- 2026-05-12 10:21:51+00:00| seen| https://www.thezdi.com/blog/2026/5/12/the-apple-macos-security-update-review 2026-05-12 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities20260513 2026-05-26...

MAL-2026-1837 Malicious code in react-query-core-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bce94f40a0e1879b184cd9f5abb5f4850d66aa5705b231b41337c2e2e33a3de The package react-query-core-utils was found to contain malicious code...

OPENSUSE-SU-2026:20385-1 Security update for libjxl

This update for libjxl fixes the following issues: Update to libjxl 0.11.2: - CVE-2025-12474: a specially crafted file can cause the decoder to read pixel data from uninitialized allocated memory bsc1258090. - CVE-2026-1837: a specially crafted file can cause the decoder to write pixel data to...

Important: firefox

Issue Overview: A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit populating...

Amazon Linux 2023 : firefox (ALAS2023-2026-1469)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1469 advisory. A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to reference an outside-image-bound area...

Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3190 (ALAS-2026-3190)

The version of thunderbird installed on the remote host is prior to 140.7.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3190 advisory. A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This...

Important: jpegxl

Issue Overview: A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit populating...

libjxl-devel-0.11.2-1.1 on GA media (moderate)

libjxl-devel-0.11.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10271-1 Rating: moderate Cross-References: CVE-2026-1837 CVSS scores: CVE-2026-1837 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-1837 SUSE : 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:...

CVE-2026-1837

An out of bounds write has been discovered in libjxl. A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color...

CVE-2026-1837

A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color transformation of grayscale images to another grayscale col...

Linux Distros Unpatched Vulnerability : CVE-2026-1837

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized...

Oracle Linux 10 : osbuild-composer (ELSA-2026-1837)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-1837 advisory. - Ensure build on latest golang: CVE-2024-34156 - Rebuilt to fix: - CVE-2025-58183 - RHEL-125637 Tenable has extracted the preceding description block directly...

CVE-2023-1837

Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs.This issue affects HYPR Server: before 8.0 with enabled Legacy APIs...

CVE-2020-1837

ChangXiang 8 Plus with versions earlier than 9.1.0.136C00E121R1P6T8 have a denial of service vulnerability. The device does not properly handle certain message from base station, the attacker could craft a fake base station to launch the attack. Successful exploit could cause a denial of signal...

Linux Distros Unpatched Vulnerability : CVE-2016-1837

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple use-after-free vulnerabilities in the 1 htmlPArsePubidLiteral and 2 htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS befor...

RHEL 5 : libxml2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libxml2: Use after free via namespace node in XPointer ranges CVE-2016-4658 - libxml2: Missing validation...

RHEL 6 / 7 : rh-maven33-plexus-archiver and rh-maven35-plexus-archiver (RHSA-2018:1837)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1837 advisory. The Plexus project provides a full software stack for creating and executing software projects. Based on the Plexus container, the applications c...

CVE-2008-1837

creationtimestamp| type| source ---|---|--- 2024-03-25 11:49:23+00:00| seen| https://t.me/ETHICALHACKERSCOMMUNITY2/3889 2024-03-25 14:38:09+00:00| seen| Telegram/HKj6TR4hMohrGsEUcNFDijNGdim3MCZhggfzha3EYtXw 2024-03-25 14:38:09+00:00| seen| https://t.me/tengkorakcybercrewz/4400 2024-03-25...

1837.qc.ca Cross Site Scripting vulnerability OBB-3776196

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...