Dotnetnuke < 10.2.2 Stored cross-site-scripting (XSS) via SVG upload (GHSA-ffq7-898w-9jc4)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.2.2. It is, therefore, affected by a vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-007105)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007105 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP client...
FreeBSD : Mozilla -- Incorrect boundary conditions, integer overflow (30522580-33fb-11f1-8ac1-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 30522580-33fb-11f1-8ac1-b42e991fc52e advisory. https://bugzilla.mozilla.org/show_bug.cgi?id=2017867 reports: Incorrect boundary conditions, integer...
FreeBSD : Mozilla -- Incorrect boundary conditions (322bd409-33fb-11f1-8ac1-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 322bd409-33fb-11f1-8ac1-b42e991fc52e advisory. https://bugzilla.mozilla.org/show_bug.cgi?id=2022554 reports: Incorrect boundary conditions in the...
SUSE-SU-2026:21157-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.9.1 ESR (bsc#1261663). - MFSA 2026-27: CVE-2026-5731: memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2...
ALPINE-CVE-2026-34757
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same...
CVE-2026-34757 LIBPNG has a use-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same...
EUVD-2026-20897
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same...
CVE-2026-34757
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same...
freerdp: FreeRDP: Arbitrary code execution via heap buffer overflow in GDI surface pipeline
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP). A malicious RDP server can exploit a heap buffer overflow vulnerability by sending a specially crafted graphics command to a FreeRDP client. This allows the server to write data outside of its intended memory...
RLSA-2026:5931 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-4701); firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR...
thunderbird security update
An update is available for thunderbird. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Mozilla Thunderbird is a standalone mail and newsgroup client. Security...
EUVD-2026-20667
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
PT-2026-31620
Name of the Vulnerable Software and Affected Versions: LIBPNG versions 1.0.9 through 1.6.56. Description: LIBPNG is a library used by applications to read, create, and manipulate PNG image files. A flaw exists where passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back int...
PT-2026-31734
Name of the Vulnerable Software and Affected Versions: SiYuan versions prior to 3.6.4. Description: SiYuan, a personal knowledge management system, prior to version 3.6.4, configured Mermaid.js with 'securityLevel: "loose"' and 'htmlLabels: true'. This configuration allowed tags with 'src' attribute...
RockyLinux 10 : thunderbird (RLSA-2026:6342)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:6342 advisory. firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-4701); firefox: thunderbird: Memory safety bugs fixed in Firefox ESR...
SUSE CVE-2026-5732
Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1...
SUSE CVE-2026-5733
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2...
CLSA-2026-1775655705 kernel-uek: Fix of 34 CVEs
ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free (CVE-2026-23089) - HID: core: Harden s32ton against conversion to 0 bits (CVE-2025-38556) - KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (CVE-2024-50115) - KVM: x86: Reset IRTE to host control if new route isn't postable (CVE-2025-37885)...
CLSA-2026-1775652408 Fix CVE(s): CVE-2026-24484
SECURITY UPDATE: denial of service from multi-layer nested MVG to SVG conversion - debian/patches/CVE-2026-24484.patch: Add recursion-depth check for graphic-context and prevent excessive nested vector graphics that cause crashes or resource exhaustion due to unbounded recursion. -...