Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities

Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2025-61726 DESCRIPTION: The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally...

firefox: thunderbird: Information disclosure in the Form Autofill component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the Form Autofill component...

WordPress HT Contact Form 7 plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin HT Contact Form 7 versions = 2.8.2...

firefox: thunderbird: Information disclosure in the Form Autofill component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the Form Autofill component...

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

firefox: thunderbird: Information disclosure in the Form Autofill component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the Form Autofill component...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: - In net: The variable sk-skfamily was read once in the function skmcloop. - syzbot is frequently using IPV6ADDRFORM; it managed to trigger the WARNONONCE1 function in skmcloop. We have many more similar issues that need to be...

Astra Linux - уязвимость в php7.3

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16, and 8.2.X before 8.2.3, an excessive number of parts in HTTP form uploads can lead to high resource consumption and an excessive number of log entries. This can cause a denial of service on the affected server by exhausting CPU resources or disk...

Astra Linux - уязвимость в tomcat9

URL redirection to untrusted sites “open redirect” vulnerability in FORM authentication with Apache Tomcat. This issue affects Apache Tomcat versions as follows: 11.0.0-M1 through 11.0.0-M10, 10.1.0-M1 through 10.0.12, 9.0.0-M1 through 9.0.79, and 8.5.0 through 8.5.92. Older, end-of-life versions...

Astra Linux - уязвимость в golang-1.19

When parsing a multipart form—either explicitly using Request.ParseMultipartForm or implicitly using Request.FormValue, Request.PostFormValue, or Request.FormFile—limits on the total size of the parsed form were not applied to the memory consumed when reading a single form line. This allowed...

Astra Linux - уязвимость в python-django

A issue was discovered in Django versions 5.1.1, 5.0.9, and 4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view that implements password reset processes, allows remote attackers to enumerate user email addresses by sending password reset requests and observing the...

Astra Linux - уязвимость в node-form-data

The use of insufficiently random values in form-data allows for HTTP Parameter Pollution HPP. This vulnerability is associated with the program file lib/formdata.Js. This issue affects form-data versions: 2.5.4, 3.0.0 – 3.0.3, 4.0.0 – 4.0.3...

Astra Linux - уязвимость в firefox

The login credentials saved by Firefox should be managed by the Password Manager component, which uses encryption to store files on disk. However, the username not the password was saved by the Form Manager to an unencrypted file on disk. This vulnerability affects Firefox versions earlier than 1...

firefox: thunderbird: Information disclosure in the Form Autofill component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the Form Autofill component...

firefox: thunderbird: Information disclosure in the Form Autofill component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the Form Autofill component...

firefox: thunderbird: Information disclosure in the Form Autofill component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the Form Autofill component...

firefox: thunderbird: Information disclosure in the Form Autofill component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the Form Autofill component...

firefox: thunderbird: Information disclosure in the Form Autofill component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the Form Autofill component...

firefox: thunderbird: Information disclosure in the Form Autofill component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the Form Autofill component...

SUSE CVE-2026-8961

Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...