Oracle PeopleSoft Enterprise HCM Shared Components security vulnerability
Oracle PeopleSoft Enterprise HCM Shared Components is a set of common component modules for human resources systems developed by Oracle Corporation. Version 9.2 of Oracle PeopleSoft Enterprise HCM Shared Components contains a security vulnerability. This vulnerability stems from issues with the...
firefox -- Use-after-free
https://bugzilla.mozilla.org/show_bug.cgi?id=2014596 reports: Use-after-free in the DOM: Core & HTML component...
goshs security vulnerability
Goshs is a simple HTTP server developed by Patrick Hener using the Go language. Versions of Goshs prior to 2.0.0-beta.6 contained security vulnerabilities, which stemmed from the ArtiPACKED issue. This vulnerability could potentially lead to the disclosure of GITHUB_TOKEN through workflow components...
[20260519] - Framework - Inadequate content filtering within the checkAttribute filter code
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components...
PT-2026-34087
Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft component: Person Search. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise H...
Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007025)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007025 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in ses_intf_remove. A fix for: BUG: KASAN: slab-out-of-bounds in...
ALSA-2026:9345 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion...
Mozilla -- Spoofing issue
https://bugzilla.mozilla.org/show_bug.cgi?id=2021080 reports: Spoofing issue in the DOM: Core & HTML component...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion...
Ubuntu 20.04 LTS : Linux kernel (HWE) vulnerabilities (USN-8188-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8188-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...
Incomplete List of Disallowed Inputs
Overview: flowise-components is a Flowiseai Components. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the run method of the AirtableAgents class, which evaluates LLM-generated Python scripts in a non-sandboxed environment. An attacker can execute...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in the agent hook event processing. An attacker can escalate privileges by supplying craft...
app.cash.backfila:client-misk-hibernate (>=2025.05.13.195510-03b951f <=2026.03.26.140500-911435f), app.cash.backfila:service (>=2025.05.13.195510-03b951f <=2026.03.26.140500-911435f) +1011 more potentially affected by CVE-2026-3505 via org.bouncycastle:bcpg-jdk18on (>=1.71 <=1.83)
org.bouncycastle:bcpg-jdk18on MAVEN version =1.71, =2025.05.13.195510-03b951f, =2025.05.13.195510-03b951f, =2025.05.13.195510-03b951f, =1.0.0, =1.0.0, =1.1, =1.5.0, =0.1.0, =4.0.0, =7.0.0 and more Source cves: CVE-2026-3505 Source advisory: OSV:GHSA-CJ8J-37RH-8475...
[SECURITY] Fedora 44 Update: plasma-workspace-6.6.4-1.fc44
Plasma 6 libraries and runtime components...
[SECURITY] Fedora 44 Update: plasma5support-6.6.4-1.fc44
Support components for porting from KF5/Qt5 to KF6/Qt6...
[SECURITY] Fedora 44 Update: kscreenlocker-6.6.4-1.fc44
Library and components for secure lock screen architecture...
flowise (>=2.0.0 <=2.2.8) potentially affected by CVE-2026-41274 via flowise-components (=2.2.8)
flowise-components NPM version =2.2.8 is affected by a known vulnerability. The following packages have a transitive dependency on flowise-components and may be impacted: - flowise =2.0.0, =2.2.8 Source cves: CVE-2026-41274 Source advisory: SNYK:JS-FLOWISECOMPONENTS-16111007...
Improper Neutralization of Special Elements in Data Query Logic
Overview: flowise-components is a Flowiseai Components. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic through the GraphCypherQAChain request handling and graph.query execution path in GraphCypherQAChain.ts. An attacker can force...
Server-side Request Forgery (SSRF)
Overview: flowise-components is a Flowiseai Components. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via postCore.ts. An attacker can cause the server to make arbitrary HTTP requests to internal or external systems by injecting malicious prompt templates that...
Server-side Request Forgery (SSRF)
Overview: flowise-components is a Flowiseai Components. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the secureAxiosRequest and secureFetch functions. An attacker can gain unauthorized access to internal services and potentially exfiltrate sensitive data ...