Lucene search
K

9803 matches found

RedHat Linux
RedHat Linux
added 2026/05/14 7:47 p.m.8 views

firefox: thunderbird: Use-after-free in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the DOM: Core & HTML component...

7.5CVSS5.7AI score0.00586EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/14 8:28 a.m.6 views

firefox: thunderbird: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

9.8CVSS5.7AI score0.00309EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 5:14 a.m.10 views

Security Bulletin: Carbon chart DOMPurify XSS Vulnerabilities (CVE-2026-41238, CVE-2026-41239, CVE-2026-41240)

Summary Three cross-site scripting XSS vulnerabilities CVE-2026-41238, CVE-2026-41239, and CVE-2026-41240 were identified in the DOMPurify library versions 3.0.1 through 3.3.3. These vulnerabilities allow attackers to bypass sanitization through prototype pollution exploitation, template expressi...

6.9CVSS5.8AI score0.00263EPSS
Exploits1Affected Software1
Amazon
Amazon
added 2026/05/14 12:0 a.m.11 views

Important: firefox

Issue Overview: Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace skips setting the length to zero. CVE-2026-6654 Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150,...

9.8CVSS6.2AI score0.04938EPSS
Exploits2
Amazon
Amazon
added 2026/05/14 12:0 a.m.17 views

Important: thunderbird

Issue Overview: Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace skips setting the length to zero. CVE-2026-6654 Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150,...

9.8CVSS6.2AI score0.04938EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.13 views

PT-2026-41134

Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. You are vulnerable if all of the following is true: - you are using attribute spreading on a form element - you are using attribute spreading or allow a dynamic value for the...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.15 views

PT-2026-41138

Name of the Vulnerable Software and Affected Versions Fides versions 2.33.0 through 2.84.4 Description A DOM-based Cross-Site Scripting XSS issue exists in fides.js, the script used to render consent banners. The problem occurs when the fides description variable is overridden via a URL query...

7CVSS5.9AI score0.00297EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.14 views

RHEL 9 : firefox (RHSA-2026:17687)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:17687 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

9.8CVSS6.1AI score0.04938EPSS
Exploits1References52
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.8 views

TencentOS Server 4: firefox (TSSA-2026:0292)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0292 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

9.8CVSS6.1AI score0.04938EPSS
Exploits1References29
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.20 views

Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3290 (ALAS-2026-3290)

The version of thunderbird installed on the remote host is prior to 140.10.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3290 advisory. Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic i...

9.8CVSS6AI score0.04938EPSS
Exploits2References52
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.12 views

RHEL 8 : firefox (RHSA-2026:17477)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:17477 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

9.8CVSS6.1AI score0.04938EPSS
Exploits1References52
OSV
OSV
added 2026/05/13 12:3 p.m.6 views

RLSA-2026:15892 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-6754 firefox: thunderbird: Spoofing...

7.5CVSS6AI score0.04938EPSS
Exploits1References26
Rockylinux
Rockylinux
added 2026/05/13 12:3 p.m.32 views

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. Security...

9.8CVSS5.8AI score0.04938EPSS
Exploits1
OSV
OSV
added 2026/05/13 8:1 a.m.4 views

OPENSUSE-SU-2026:20745-1 Security update for php8

This update for php8 fixes the following issues - CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when preparing SQL queries can lead to SQL injection bsc1264778. - CVE-2026-6104: out-of-bounds read when processing an encoding name containing an embedded NULL byte in...

9.8CVSS6.5AI score0.0076EPSS
Exploits1References20
OSV
OSV
added 2026/05/13 7:57 a.m.4 views

SUSE-SU-2026:21612-1 Security update for php8

This update for php8 fixes the following issues - CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when preparing SQL queries can lead to SQL injection bsc1264778. - CVE-2026-6104: out-of-bounds read when processing an encoding name containing an embedded NULL byte in...

9.8CVSS6.5AI score0.0076EPSS
Exploits1References21
SUSE CVE
SUSE CVE
added 2026/05/13 3:48 a.m.11 views

SUSE CVE-2026-7814

Stored cross-site scripting XSS vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names database, schema, table, column, etc. were assigned to DOM elements via innerHTML, allowing crafted object names containing HTML markup to execute...

4.8CVSS5.7AI score0.00163EPSS
Exploits1References3
Drupal
Drupal
added 2026/05/13 12:0 a.m.14 views

Translate Drupal with GTranslate - Less critical - DOM clobbering / link manipulation - SA-CONTRIB-2026-035

The GTranslate module provides a language switcher widget for Drupal sites. The module’s widget JavaScript did not sufficiently validate that document.currentScript referred to the executing script element. A user who can add HTML to a page could cause the generated language-switcher links to poi...

2.7CVSS5.8AI score0.00236EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 8:56 a.m.6 views

BIT-PHP-MIN-2026-7263 DoS attack via DOMNode::C14N()

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial ...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 8:56 a.m.6 views

BIT-PHP-2026-7263 DoS attack via DOMNode::C14N()

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial ...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.10 views

PT-2026-40300

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial ...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References3
Rows per page
Query Builder