[SECURITY] [DSA 6290-1] nss security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6290-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 21, 2026 https://www.debian.org/security/faq -...

Medium: nss

Issue Overview: Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. CVE-2026-6766 Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150,...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

SUSE-SU-2026:1649-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issue: Update to Firefox Extended Support Release 140.10.0 ESR bsc1262230, MFSA 2026-32: - CVE-2026-6746: Use-after-free in the DOM: Core & HTML component. - CVE-2026-6747: Use-after-free in the WebRTC component. - CVE-2026-6748: Uninitialized...

CVE-2026-6766

creationtimestamp| type| source ---|---|--- 2026-04-21 19:25:08+00:00| seen| Telegram/sOCPjtJD4k5MvWwp6dRuETsdkHJ60TzeO4tn1nY4b7uMQ 2026-04-21 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/mozilla-products-multiple-vulnerabilities20260422 2026-04-22 02:01:23+00:00| seen|...

CVE-2026-6766

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

DEBIAN-CVE-2026-6766

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

CVE-2026-6766

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

CVE-2026-6766

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

RockyLinux 9 : python3.9 (RLSA-2026:6766)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:6766 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs CVE-2026-4519 Tenable has extracted the preceding description block directly fro...

MiracleLinux 9 : libmicrohttpd-0.9.72-5.el9 (AXSA:2023-6766:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6766:01 advisory. libmicrohttpd: remote DoS CVE-2023-27371 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note that...

Linux Distros Unpatched Vulnerability : CVE-2016-6766

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial of service vulnerability in libmedia and libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang ...

CVE-2025-6766

CVE-2025-6766 affects sfturing hosp_order (up to commit 627f426331da8086ce8fff2017d65b1ddef384f8). The vulnerability lies in OfficeServiceImpl.java:getOfficeName, where manipulation of the officesName argument enables SQL injection. Attacks can be initiated remotely, and public disclosure suggest...

CVE-2025-6766 sfturing hosp_order OfficeServiceImpl.java getOfficeName sql injection

A vulnerability was found in sfturing hosporder up to 627f426331da8086ce8fff2017d65b1ddef384f8. It has been declared as critical. This vulnerability affects the function getOfficeName of the file OfficeServiceImpl.java. The manipulation of the argument officesName leads to sql injection. The atta...

CVE-2023-6766

A vulnerability classified as problematic has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Affected is an unknown function of the file /admin/course.php of the component Delete Course Handler. The manipulation of the argument delid leads to cross-site request forgery...

CVE-2019-6766

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

CVE-2024-6766

creationtimestamp| type| source ---|---|--- 2024-08-06 09:09:05+00:00| seen| https://t.me/cvedetector/2533...

CVE-2024-6766 Shortcodes Ultimate Pro < 7.2.1 - Contributor+ Stored XSS

The shortcodes-ultimate-pro WordPress plugin before 7.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...

WordPress Shortcodes Ultimate Pro Plugin < 7.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Shortcodes Ultimate Pro Type Plugin Vulnerable versions 7.2.1 Fixed in 7.2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6766 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID db236be8a8b4 Credits Dmitrii Ignatyev...

CGA-6766-84RM-V4WQ

Bulletin has no description...