Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issue: Update to Firefox Extended Support Release 140.10.0 ESR bsc1262230, MFSA 2026-32: CVE-2026-6746: Use-after-free in the DOM: Core & HTML component. CVE-2026-6747: Use-after-free in the WebRTC component. CVE-2026-6748: Uninitialized memory i...

OPENSUSE-SU-2026:20642-1 Security update for libsodium

This update for libsodium fixes the following issues: Security fixes: - CVE-2025-15444: Cryptographic bypass via improper elliptic curve point validation bsc1256070. - CVE-2025-69277: incorrect validation of elliptic curve points certain custom cryptography or untrusted data to...

Security Bulletin: IBM Transformation Advisor is affected by multiple vulnerabilities found in Java, JavaScript and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, JavaScript and IBM WebSphere Application Server Liberty used by IBM Transformation Advisor. Vulnerability Details CVEID:CVE-2026-33151 DESCRIPTION: Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prio...

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java, JavaScript and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, JavaScript and IBM WebSphere Application Server Liberty used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, an...

RLSA-2026:10767 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine compone...

firefox security update

An update is available for firefox. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards...

firefox security update

An update is available for firefox. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards...

CVE-2026-41636

Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

CVE-2026-41636

Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

CVE-2026-41636

Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.138 contained a security vulnerability caused by a type confusion in the V8 component. This vulnerability could allow remote attackers to execute arbitrary code within a sandbox through a special...

OPENSUSE-SU-2026:10642-1 libmozjs-140-0-140.10.0-1.1 on GA media

These are all security issues fixed in the libmozjs-140-0-140.10.0-1.1 package on the GA media of openSUSE Tumbleweed...

School Management System 安全漏洞

School Management System is a school management system developed by ManiKandan G, based on PHP and MySQL. There is a security vulnerability in School Management System, which stems from the uncleaned type parameter in the register.php file. This vulnerability could allow unauthorized remote...

PT-2026-35837

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.138 Description A type confusion issue exists in V8, the JavaScript and WebAssembly engine used by Google Chrome. This flaw allows a remote attacker to execute arbitrary code within a sandbox by...

openSUSE 16 Security Update : MozillaFirefox (openSUSE-SU-2026:20621-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20621-1 advisory. Update to Firefox Extended Support Release 140.10.0 ESR. - MFSA 2026-32 bsc1262230: CVE-2026-6746: Use-after-free in the DOM: Core & HTML...

CVE-2026-37750

CVE-2026-37750 is a real, in-the-wild reflected XSS in the School Management System (vendor: mahmoudai1, product: School Management System, version 1.0). The vulnerability is triggered via the unsanitized type parameter in register.php, where user input is echoed back (e.g., echo ucfirst($_REQUES...

RockyLinux 9 : firefox (RLSA-2026:10757)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:10757 advisory. firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScri...

RockyLinux 10 : firefox (RLSA-2026:10767)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:10767 advisory. firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the...

CVE-2026-41467 ProjeQtor < 12.4.4 Stored XSS via checkValidFileName()

ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the file upload functionality where the checkValidFileName function fails to restrict HTML and HTM file uploads. Authenticated attackers can upload HTML files containing arbitrary JavaScript through the...

CVE-2026-41467

ProjeQtor versions 7.0–12.4.3 are affected by a stored XSS in the file upload flow. The checkValidFileName() function fails to restrict HTML/HTM uploads, allowing authenticated attackers to place HTML files containing arbitrary JavaScript via image upload or attachment endpoints. When any user ac...