9800 matches found
RLSA-2026:21381 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefox: Sandbox escape in the Profile Backup component...
SUSE CVE-2026-9897
Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
RockyLinux 9 : firefox (RLSA-2026:21378)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21378 advisory. firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component...
UBUNTU-CVE-2026-41159
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...
CVE-2026-41159 Mermaid: Improper sanitization of configuration leads to CSS injection
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...
CVE-2026-41159
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the project selector component when rendering selection menus for associating projects with system entities due to improper sanitization of project names returned via AJAX before injecting them into the DOM a...
CVE-2026-23870
A flaw was found in the React Server DOM components, including react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack. A remote attacker could exploit this denial of service DoS vulnerability by sending specially crafted HTTP requests to server function endpoints. This...
Exploit for XPath Injection in Huggingface Smolagents
🔐 Smolagents XPath Injection Simulation Framework CVE-2025-11...
MGASA-2026-0164 Updated thunderbird(-l10n) packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Incorrect boundary conditions in the Audio/Video: Web Codecs component. CVE-2026-8946 Incorrect boundary conditions in the JavaScript Engine: JIT component. CVE-2026-8388 Use-after-free in the DOM: Bindings WebIDL component. CVE-2026-8947 Other...
MGASA-2026-0165 Updated nspr, nss and firefox(-l10n) packages fix security issues
The updated packages fix security vulnerabilities: Incorrect boundary conditions in the Audio/Video: Web Codecs component. CVE-2026-8946 Incorrect boundary conditions in the JavaScript Engine: JIT component. CVE-2026-8388 Use-after-free in the DOM: Bindings WebIDL component. CVE-2026-8947 Other...
Updated thunderbird(-l10n) packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Incorrect boundary conditions in the Audio/Video: Web Codecs component. CVE-2026-8946 Incorrect boundary conditions in the JavaScript Engine: JIT component. CVE-2026-8388 Use-after-free in the DOM: Bindings WebIDL component. CVE-2026-8947 Other...
EUVD-2026-33158
Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-9897
An use after free flaw was found in the DOM component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496271580...
CVE-2026-10016
An use after free flaw was found in the DOM component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=515155946...
RLSA-2026:21382 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefo...
Mermaid 代码注入漏洞
Mermaid is an open-source application software developed by mermaid-js. It uses text and code to create charts and visualizations. Versions of Mermaid prior to 10.9.6 and 11.15.0 contain a code injection vulnerability. This vulnerability stems from the default configuration, which allows CSS to b...
Linux Distros Unpatched Vulnerability : CVE-2026-10016
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
AlmaLinux 8 : firefox (ALSA-2026:21382)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:21382 advisory. firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component...
CVE-2026-9897
Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...