18319 matches found
ALSA-2026:6188 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-4701 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and...
CVE-2026-4980
A vulnerability was found in Inkscape due to improper handling of XInclude elements in SVG files. The application processes xi:include directives without restricting access to local resources, allowing external file references such as file:// URIs to be included during document processing. An...
LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`
...
SUSE SLES12: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2026:1127-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1127-1 advisory. Update to Firefox 140.9.0 ESR MFSA 2026-22, bsc1260083: - CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component -...
Roundcube -- SVG Attribute Bypass
The Roundcube project reports:...
SUSE CVE-2026-4980
A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...
CVE-2026-5026
The '/api/v1/files/images/flowid/filename' endpoint serves SVG files with the 'image/svg+xml' content type without sanitizing their content. Since SVG files can contain embedded JavaScript, an attacker can upload a malicious SVG that executes arbitrary JavaScript when viewed by other users, leadi...
GHSA-2QVQ-RJWJ-GVW9 vulnerabilities
Vulnerabilities for packages: ts-patch, rancher-api-ui, nextcloud-server, tileserver-gl, opensearch-dashboards, lerna, prism...
Linux Distros Unpatched Vulnerability : CVE-2026-23338
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu/userq: Do not allow userspace to trivially triger kernel warnings Userspace can either deliberately pass in the too small numfences, or the required...
CVE-2026-4985
A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgifaddframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated remotely. The identifier ...
SUSE-SU-2026:20978-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Update to Firefox 140.9.0 ESR MFSA 2026-22, bsc1260083: - CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component - CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component - CVE-2026-468...
EUVD-2026-16659
A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...
DEBIAN-CVE-2026-4980
A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...
UBUNTU-CVE-2026-4980
A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...
CVE-2026-4980
CVE-2026-4980 concerns Inkscape’s XInclude processing, where a crafted SVG with malicious xi:include tags can cause a local file disclosure. The connected CVE records identify the affected software as Inkscape 1.1 prior to 1.3, and describe the root cause as an improper handling of XML External E...
CVE-2026-4980
A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...
CVE-2026-5026 Langflow - Stored XSS via Malicious SVG Upload
The '/api/v1/files/images/flowid/filename' endpoint serves SVG files with the 'image/svg+xml' content type without sanitizing their content. Since SVG files can contain embedded JavaScript, an attacker can upload a malicious SVG that executes arbitrary JavaScript when viewed by other users, leadi...
CVE-2026-5026
The '/api/v1/files/images/flowid/filename' endpoint serves SVG files with the 'image/svg+xml' content type without sanitizing their content. Since SVG files can contain embedded JavaScript, an attacker can upload a malicious SVG that executes arbitrary JavaScript when viewed by other users, leadi...
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Update to Firefox 140.9.0 ESR MFSA 2026-22, bsc1260083: CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component CVE-2026-4686:...
SUSE-SU-2026:1127-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Update to Firefox 140.9.0 ESR MFSA 2026-22, bsc1260083: - CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component - CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component - CVE-2026-468...