VMWare Cloud Foundation NSX-V - XML External Entity (XXE)

VMware Cloud Foundation NSX-V contains an XML External Entity XXE vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure. id: CVE-2022-31678 info: name: VMWare Cloud...

Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret

Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation CNCF as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, "Secret Key", is hard coded, which leads to...

Security Bulletin: Due to the use of IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities

Summary Vulnerabilities found in IBM Db2 LUW that affect Foundation and IBM Tivoli Monitoring ITM pattern Types pTypes shipped with IBM Cloud Pak System. Vulnerabilities were addressed in IBM Cloud Pak System. IBM Cloud Pak System v2.3.6.0 has updated Foundation and ITM pTypes to Foundation versi...

firefox: thunderbird: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

firefox: thunderbird: Sandbox escape in the DOM: Navigation component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the DOM: Navigation component...

firefox: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

Astra Linux – Vulnerability in symfony

Symfony/http-foundation is a module for the Symphony PHP framework that defines an object-oriented layer for handling HTTP requests. The Request class does not parse URIs containing special characters in the same way that browsers do. As a result, attackers can trick validators that rely on the...

Astra Linux – Vulnerability in wpa, pupnp-1.8

The Open Connectivity Foundation’s UPnP specification prior to April 17, 2020, does not prohibit the acceptance of a subscription request with a delivery URL located in a different network segment than the fully qualified event-subscription URL. This is known as the “CallStranger” issue...

Astra Linux – Vulnerability in LibreOffice

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted using a single master key provided by the user. There was a flaw in LibreOffice where the required initialization vector for encryption was always the same,...

CVE-2026-12315

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

CVE-2026-12305

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...

firefox: Privilege escalation in the Enterprise Policies component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Enterprise Policies component...

firefox: thunderbird: Privilege escalation in the DOM: Workers component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the DOM: Workers component...

firefox: Same-origin policy bypass in the Networking: HTTP component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: HTTP component...

firefox: Privilege escalation in the Enterprise Policies component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Enterprise Policies component...

firefox: Spoofing issue in the Form Autofill component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the Form Autofill component...

firefox: thunderbird: Other issue in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Other issue in the JavaScript Engine component...

firefox: thunderbird: Incorrect boundary conditions in the JavaScript Engine: JIT component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the JavaScript Engine: JIT component...

firefox: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

firefox: Spoofing issue in the Form Autofill component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the Form Autofill component...