CVE-2026-2771

Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVE-2026-2805

Invalid pointer in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

CVE-2026-2799

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

CVE-2026-2799 Use-after-free in the DOM: Core & HTML component

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

CVE-2026-2799 Use-after-free in the DOM: Core & HTML component

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

CVE-2026-2798

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

Hitachi Energy RTU500 安全漏洞

Hitachi Energy RTU500 is a series of industrial control components developed by Hitachi, Ltd. The Hitachi Energy RTU500 contains a security vulnerability; this vulnerability arises from the possibility of denial-of-service attacks due to the reception of invalid U-format frames...

Mozilla多款产品 安全漏洞

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A security bypass vulnerability exists in several Mozilla products that...

PT-2026-21807

Name of the Vulnerable Software and Affected Versions GetSimpleCMS Community Edition version 3.3.16 Description GetSimpleCMS Community Edition version 3.3.16 has a stored cross-site scripting issue in the Theme to Components functionality within the components.php file. Input to the “slug” field ...

PT-2026-21738

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 148 Thunderbird versions prior to 148 Description The software contains an invalid pointer issue within the DOM Core and HTML components. This condition may lead to unexpected behavior or crashes. Recommendations Upda...

Mozilla -- Undefined behavior in the DOM: Core & HTML component

https://bugzilla.mozilla.org/showbug.cgi?id=2014593 reports: Undefined behavior in the DOM: Core & HTML component...

PT-2026-21563

Name of the Vulnerable Software and Affected Versions free5GC go-upf versions up to and including 1.2.6 free5gc smf versions up to and including 1.4.0 Description The software contains an Improper Input Validation and Protocol Compliance issue that can lead to Denial of Service. Remote attackers...

BIT-NIFI-2026-25903 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates

Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...

Autodesk Shared Components < 2026.6 Multiple Vulnerabilities (adsk-sa-2026-0004)

The version of Autodesk Shared Components installed on the remote Windows host is prior to 2026.6. It is, therefore, affected by multiple out-of-bounds write vulnerabilities: - A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write...

@armco/armory-react-components (>=0.0.23 <=0.0.43), @armco/svg-canvas (>=0.1.2 <=0.1.3) +10 more potentially affected by CVE-2026-25535 via jspdf (>=4.0.0 <=4.1.0)

jspdf NPM version =4.0.0, =0.0.23, =0.1.2, =1.0.8, =1.4.0, =0.5.129, =0.112.0-79, =0.111.0-7, =0.111.0-7, =0.111.0-7, =4.4.0, =4.4.1 - svgedit =7.4.1 Source cves: CVE-2026-25535 Source advisory: SNYK:JS-JSPDF-15322681...

CVE-2026-25903

Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...

Autodesk Shared Components 缓冲区错误漏洞

Autodesk Shared Components is a component provided by Autodesk, Inc. in the United States. Autodesk Shared Components has a buffer error vulnerability. This vulnerability arises from the possibility of out-of-bounds write attacks during the parsing of specially crafted MODEL files, which can lead...

Autodesk Shared Components 缓冲区错误漏洞

Autodesk Shared Components is a component provided by Autodesk, Inc. in the United States. Autodesk Shared Components has a buffer error vulnerability. This vulnerability arises from the possibility of out-of-bounds write attacks during the parsing of specially crafted CATPART files. It may lead ...

A New Denial-of-Service Vector in React Server Components

React Server Components RSC have introduced a hybrid execution model that expands application capabilities while increasing the potential attack surface. Following earlier disclosures and fixes related to React DoS vulnerabilities, an additional analysis of RSC internals was conducted to assess...

Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates

Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...