9802 matches found
firefox: thunderbird: Use-after-free in the DOM: Networking component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the DOM: Networking component...
Important: firefox
Issue Overview: In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. CVE-2026-45186 Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR...
Important: firefox
Issue Overview: In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. CVE-2026-45186 Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR...
PT-2026-43403
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals fetch, window, eval, etc. with undefined. A static source validator...
RHEL 9 : firefox (RHSA-2026:20574)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20574 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
RHEL 8 : firefox (RHSA-2026:20566)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:20566 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
TencentOS Server 3: thunderbird (TSSA-2026:0381)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0381 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2026:2039-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2039-1 advisory. This update for MozillaFirefox fixes the following issue Update to Firefox Extended Support Release 140.11.0 ESR MFSA 2026-48 bsc1265212 -...
TencentOS Server 3: firefox (TSSA-2026:0382)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0382 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Other issue in the WebRTC component CVE-2026-8094 firefox: Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefox 150.0.2...
ALSA-2026:20574 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Other issue in the WebRTC component CVE-2026-8094 firefox: Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefox 150.0.2...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Other issue in the WebRTC component CVE-2026-8094 firefox: Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefox 150.0.2...
CVE-2026-45435
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a through 5.6.3...
PT-2026-43148
Name of the Vulnerable Software and Affected Versions WP Activity Log versions prior to 5.6.4 Description Improper neutralization of input during web page generation in Melapress WP Activity Log allows for DOM-Based Cross-site Scripting XSS, a flaw where the application contains client-side...
WordPress plugin WP Activity Log 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
xss_scanner
XSS Scanner – Automated Cross-Site Script Vulnerability Scanne...
CVE-2026-41149 Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML injection under the default configuration. Specifically, the classDef directive in Mermaid state...
CVE-2026-41149 Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML injection under the default configuration. Specifically, the classDef directive in Mermaid state...
UBUNTU-CVE-2026-42502
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...
UBUNTU-CVE-2026-27136
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...