thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. Security...

OPENSUSE-SU-2026:20699-1 Security update for openCryptoki

This update for openCryptoki fixes the following issues Security issue: - CVE-2026-40253: Updated fix for malformed BER-encoded cryptographic objects bsc1262283. Non security issue: - Refactored .spec file to fully support transactional and immutable operating systems jscPED-14609: Migrated user...

SUSE-SU-2026:1741-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues Updated to Mozilla Thunderbird 140.10.1: MFSA 2026-34 bsc1262230: - CVE-2026-6746: Use-after-free in the DOM: Core & HTML component. - CVE-2026-6747: Use-after-free in the WebRTC component. - CVE-2026-6748: Uninitialized memory in the...

ai.spice:spiceai (=0.6.0), cn.isqing.icloud:icloud-common-utils (>=4.0.3-M1 <=4.0.3.1) +373 more potentially affected by CVE-2026-44248 via io.netty:netty-codec-mqtt (>=4.2.0.Alpha1 <=4.2.12.Final)

io.netty:netty-codec-mqtt MAVEN version =4.2.0.Alpha1, =4.0.3-M1, =1.21.9, =3.4.7, =25.4.1, =26.2.1, =7.9.0, =5.1.0, =5.1.0, =6.80, =0.2.2, =0.2.4 and more Source cves: CVE-2026-44248 Source advisory: SNYK:JAVA-IONETTY-16439015...

GHSA-7J59-V9QR-6FQ9 Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect

Summary The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. This vulnerability is present in the RedirectHandlers...

Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect

Summary The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. This vulnerability is present in the RedirectHandlers...

ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +23724 more potentially affected by CVE-2026-42581 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.132.Final)

io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves:...

io.github.andrekurait.trafficcapture:dockerSolution (>=0.1.3 <=0.1.5), io.github.andrekurait.trafficcapture:trafficCaptureProxyServer (>=0.1.3 <=0.1.5) +6 more potentially affected by unknown CVE via org.opensearch.plugin:opensearch-security (>=2.11.1.0 <=2.19.3.0)

org.opensearch.plugin:opensearch-security MAVEN version =2.11.1.0, =0.1.3, =0.1.3, =0.1.3, =0.1.2, =0.1.2, =0.1.2, =0.1.0, =0.1.0, =0.2.3.10 Source cves: unknown CVE Source advisory: OSV:GHSA-X83W-23JP-G6PW...

be.appify.prefab:prefab-sns-sqs (>=0.4.0 <=0.7.1), be.appify.prefab:prefab-test (>=0.4.0 <=0.7.1) +8 more potentially affected by CVE-2026-44308 via io.awspring.cloud:spring-cloud-aws-sns (>=4.0.0 <=4.0.1)

io.awspring.cloud:spring-cloud-aws-sns MAVEN version =4.0.0, =0.4.0, =0.4.0, =4.0.0, =4.0.0, =4.0.0, =2.1.0, =1.3.0, =7.0.0, =7.0.0, =7.3.1 Source cves: CVE-2026-44308 Source advisory: OSV:GHSA-R4W4-WV68-QV85...

MiracleLinux 8 : firefox-140.10.0-1.el8_10.ML.1 (AXSA:2026-549:09)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-549:09 advisory. firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the...

RockyLinux 8 : thunderbird (RLSA-2026:13537)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:13537 advisory. firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScri...

trying-to-make-a-website-scanner

trying-to-make-a-website-scanner Web Vulnerability Scanner —...

BIT-JAVA-MIN-2026-22008

Vulnerability in Oracle Java SE component: Libraries. The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this...

BIT-JAVA-2026-22008

Vulnerability in Oracle Java SE component: Libraries. The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this...

BIT-JAVA-MIN-2023-22049

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

BIT-JAVA-MIN-2023-21968

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploi...

BIT-JAVA-2023-21968

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploi...

BIT-JAVA-MIN-2022-21549

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated...

BIT-JAVA-2021-2161

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2...

BIT-JAVA-MIN-2020-2654

Vulnerability in the Java SE product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...