38489 matches found
CVE-2026-38940
Cross Site Scripting vulnerability in RafyMrX TOKO-ONLINE-ROTI v.1.0 allows a remote attacker to execute arbitrary code via the detailproduk.php component...
CVE-2026-38939
Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the productcatalogue.php component...
ALSA-2026:12285 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-6754 firefox: thunderbird: Spoofing...
Mozilla Thunderbird < 150.0.1
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 150.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-38 advisory. - Information disclosure due to incorrect boundary conditions in the Audio/Video component. This...
RockyLinux 8 : firefox (RLSA-2026:10766)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:10766 advisory. firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScri...
CVE-2026-7316
A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aidermcp.py of the component codewithai. The manipulation of the argument workingdir/editablefiles leads to command injection. The attack may be...
GHSA-J2RX-4JG9-79MW Cockpit Vulnerable to Unrestricted Upload of File with Dangerous Type
Cockpit versions 2.13.5 and earlier are affected by a misconfiguration within the Bucket component isFileTypeAllowed function where a specially crafted filename bypasses an extension filter. This allows an authenticated attacker to rename arbitrary files with the .php file extension enabling...
GHSA-P46P-7PMJ-M34F Cockpit is vulnerable to directory traversal
Cockpit 2.13.5 and earlier is vulnerable to directory traversal via the Buckets component. This vulnerability allows authenticated attackers to write files to arbitrary locations within the uploads directory or overwrite assets with malicious versions...
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the isFileTypeAllowed function in the Bucket component. An attacker can execute arbitrary code on the server by renaming files with a .php extension through specially crafted filenames. This is only exploitable...
CVE-2026-38991
Cockpit 2.13.5 and earlier is affected by a misconfiguration within the Bucket component isFileTypeAllowed function where a specially crafted filename bypasses an extension filter. This allows an authenticated attacker to rename arbitrary files with the .php file extension enabling arbitrary code...
firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Graphics: Text component...
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.6.15
Red Hat OpenShift Service Mesh 2.6.15 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh...
CLSA-2026-1777455968 exiv2: Fix of CVE-2026-27631
CVE-2026-27631: fix integer overflow in preview component of PSD image parser...
CVE-2026-7333
A use-after-free flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=493955227...
CVE-2026-7361
A use-after-free flaw was found in the iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=493221953...
CVE-2026-7355
A use-after-free flaw was found in the Media component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=498285711...
CVE-2026-7340
An integer overflow flaw was found in the ANGLE component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497896137...
CVE-2026-7360
An insufficient validation of untrusted input flaw was found in the Compositing component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=495852034...
CVE-2026-7358
A use-after-free flaw was found in the Animation component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496285281...
CVE-2026-7359
A use-after-free flaw was found in the ANGLE component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496284494...