OPENSUSE-SU-2026:20603-1 Security update for ignition

This update for ignition fixes the following issue: - CVE-2026-33186: Fixed an authorization bypass due to improper validation of the HTTP/2: path pseudo-header bsc1260251...

EUVD-2026-24603

The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML documents, which may result in a XSS-like effect...

CVE-2026-6762

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Core & HTML component...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.117 contained a buffer overflow vulnerability, which was caused by out-of-bound reads from the GPU. This vulnerability allowed remote attackers with access to the renderer process to execute a...

DeepL for Chrome 跨站脚本漏洞

DeepL for Chrome is an open-source translation extension for the Chrome browser developed by DeepL. Versions 1.22.0 to 1.23.0 of DeepL for Chrome contain a cross-site scripting vulnerability. This vulnerability allows attackers to execute arbitrary scripts in the user’s browser and inject malicio...

EUVD-2026-24389

Vulnerability in the PeopleSoft Enterprise FIN Contracts product of Oracle PeopleSoft component: Contracts. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Contracts...

CVE-2026-35231

Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial Services Applications component: User Interface. The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2026-34320

Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications component: User Interface. The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2026-34305

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Web Services. Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2026-34301

Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft component: Work Order Management. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft...

CVE-2026-34291

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. While...

CLSA-2026-1776791328 nginx: Fix of 5 CVEs

CVE-2017-7529: fix integer overflow in range filter - CVE-2018-16843: fix excessive memory consumption in HTTP/2 - CVE-2018-16844: fix excessive CPU usage in HTTP/2 - CVE-2019-9511: fix excessive memory growth via HTTP/2 DATA frame manipulation - CVE-2019-9513: fix excessive CPU usage via HTTP/2...

EUVD-2026-24168

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization a...

CVE-2026-40567 FreeScout has HTML Injection in Outgoing Emails via Unsanitized Customer Name in Signature Variables

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization a...

CVE-2025-31958

HCL BigFix Service Management is reported vulnerable to HTTP Request Smuggling. The connected sources describe HTTP request smuggling as an issue arising when front-end and back-end servers parse requests inconsistently, enabling bypass of security controls and potentially enabling cache poisonin...

CVE-2026-6762

Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

CVE-2026-6746

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

UBUNTU-CVE-2026-6762

Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

CVE-2026-6762

Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

PT-2026-34123

Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft component: Work Order Management. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft...