38498 matches found
Oracle VM VirtualBox 安全漏洞
Oracle VM VirtualBox is a desktop virtualization software developed by Oracle to run multiple operating systems on a single host. An elevation of privilege vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle privilege...
PT-2026-33966
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 150 Thunderbird versions prior to 150 Description A denial-of-service issue exists in the Audio/Video: Playback component. Recommendations Update to version 150 Update to version 150...
PT-2026-33957
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 150 Firefox ESR versions prior to 140.10 Thunderbird versions prior to 150 Thunderbird versions prior to 140.10 Description A mitigation bypass exists within the DOM Security component. Recommendations Update to versi...
PT-2026-33946
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 150 Thunderbird versions prior to 150 Description A mitigation bypass exists in the Networking: Cookies component. Recommendations Update to version 150 for Firefox. Update to version 150 for Thunderbird...
Linux Distros Unpatched Vulnerability : CVE-2026-6761
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...
Mozilla -- Incorrect boundary conditions
https://bugzilla.mozilla.org/showbug.cgi?id=2021770 reports: Incorrect boundary conditions in the WebRTC: Networking component...
Mozilla -- Uninitialized memory
https://bugzilla.mozilla.org/showbug.cgi?id=2025883 reports: Uninitialized memory in the Audio/Video: Web Codecs component...
Mozilla -- Information disclosure
https://bugzilla.mozilla.org/showbug.cgi?id=2022610 reports: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component...
Mozilla -- Mitigation bypass
https://bugzilla.mozilla.org/showbug.cgi?id=2016915 reports: Mitigation bypass in the DOM: Security component...
Mozilla -- Privilege escalation in the Debugger component
https://bugzilla.mozilla.org/showbug.cgi?id=2023753 reports: Privilege escalation in the Debugger component...
Mozilla -- Information disclosure in the IP Protection component
https://bugzilla.mozilla.org/showbug.cgi?id=2026571 reports: Information disclosure in the IP Protection component...
Mozilla -- Incorrect boundary conditions
https://bugzilla.mozilla.org/showbug.cgi?id=2026089 reports: Incorrect boundary conditions in the Libraries component in NSS...
Mozilla -- Mitigation bypass
https://bugzilla.mozilla.org/showbug.cgi?id=2025067 reports: Mitigation bypass in the DOM: Security component...
Mozilla -- Privilege escalation
https://bugzilla.mozilla.org/showbug.cgi?id=2017857 reports: Privilege escalation in the Networking component...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion...
Mozilla -- Mitigation bypass
https://bugzilla.mozilla.org/showbug.cgi?id=2023615 reports: Mitigation bypass in the Networking: Cookies component...
Mozilla -- Incorrect boundary conditions
https://bugzilla.mozilla.org/showbug.cgi?id=2023207 reports: Incorrect boundary conditions in the Libraries component in NSS...
EUVD-2026-23823
A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. This manipulation of the argument custom causes sql injection. The attack can be initiated remotely. The exploit has been publish...
EUVD-2026-23824
A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation of the argument sql leads to sql injection. The attack can be launched remotely. The exploit has...
CVE-2026-6636 p2r3 convert API buildCache.js Bun.serve path traversal
A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affected is the function Bun.serve of the file buildCache.js of the component API. Performing a manipulation of the argument pathname results in path traversal. It is possible to initiate the attack...