Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine compone...

[SECURITY] Fedora 44 Update: python3.13-3.13.13-1.fc44

Python 3.13 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.13 package provides the "python3.13" executable:...

[SECURITY] Fedora 44 Update: python3.15-3.15.0~a8-1.fc44

Python 3.15 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.15 package provides the "python3.15" executable:...

[SECURITY] Fedora 44 Update: stb-0^20260313git904aa67-2.fc44

Single-file public domain libraries for C/C++...

[SECURITY] Fedora 44 Update: corosync-3.1.10-5.fc44

This package contains the Corosync Cluster Engine Executive, several default APIs and libraries, default configuration files, and an init script...

CVE-2026-41248

Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. This vulnerability is fixed in...

@bynder/bynder-js-sdk (=2.5.3), @craftgate/craftgate (=1.0.66) +3 more potentially affected by CVE-2025-62718 +1 more via axios (=0.31.0)

axios NPM version =0.31.0 is affected by a known vulnerability. The following packages have a transitive dependency on axios and may be impacted: - @bynder/bynder-js-sdk =2.5.3 - @craftgate/craftgate =1.0.66 - @extrahorizon/exh-cli =1.13.2, =8.10.0, =8.10.0-dev-162-aab55c5 - amio-sdk-js =4.4.4...

[SECURITY] Fedora 44 Update: nss-3.122.1-1.fc44

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

java-17-openjdk security update

1:17.0.19.0.10-1.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:17.0.19.0.10-1 - Update to jdk-17.0.19+10 GA - Add to .gitignore openjdk-17.0.19+10.tar.xz - Set updatever to 19 - Set buildver to 10 - Set rpmrelease to 1 - Update sources to openjdk-17.0.19+10.tar.xz - This tarball is embargoed...

OPENSUSE-SU-2026:20621-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.10.0 ESR. - MFSA 2026-32 bsc1262230: CVE-2026-6746: Use-after-free in the DOM: Core & HTML component CVE-2026-6747: Use-after-free in the WebRTC component CVE-2026-6748: Uninitialized memory ...

CVE-2026-34488

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

CVE-2026-34488

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

@alialf/cc-switch (>=1.0.0 <=1.0.1), codex-copilot-dx (>=0.1.0 <=0.1.6) potentially affected by CVE-2026-6874 via copilot-api (=0.7.0)

copilot-api NPM version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on copilot-api and may be impacted: - @alialf/cc-switch =1.0.0, =0.1.0, =0.1.6 Source cves: CVE-2026-6874 Source advisory: OSV:GHSA-3VR4-CVMG-7FX4...

CVE-2026-32679

The installers of LiveOn Meet Client for Windows Downloader5Installer.exe and Downloader5InstallerForAdmin.exe and the installers of Canon Network Camera Plugin CanonNWCamPlugin.exe and CanonNWCamPluginForAdmin.exe insecurely load Dynamic Link Libraries DLLs. If a malicious DLL is placed at the...

Japan Media Systems LiveOn Meet Client和Canon Network Camera Plugin 代码问题漏洞

Japan Media Systems LiveOn Meet Client and Canon Network Camera Plugin are both products of Japan Media Systems, a company based in Japan. Japan Media Systems LiveOn Meet Client is a client application that supports online meetings, real-time audio and video communication, and collaboration. The...

PT-2026-34589

The installers of LiveOn Meet Client for Windows Downloader5Installer.exe and Downloader5InstallerForAdmin.exe and the installers of Canon Network Camera Plugin CanonNWCamPlugin.exe and CanonNWCamPluginForAdmin.exe insecurely load Dynamic Link Libraries DLLs. If a malicious DLL is placed at the...

CVE-2026-35368

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

app.valuationcontrol:library (>=0.5.2 <=0.5.5), app.valuationcontrol:webservice (>=0.5.0 <=0.5.1) +996 more potentially affected by CVE-2026-22748 via org.springframework.security:spring-security-oauth2-jose (>=6.0.0 <=6.5.1)

org.springframework.security:spring-security-oauth2-jose MAVEN version =6.0.0, =0.5.2, =0.5.0, =7.0.0, =1.0.0, =1.10.0, =1.10.0, =1.10.0, =1.0.0, =1.55.1, =1.55.1, =3.1.0, =3.1.0, =8.4.0, =1.0.0, =17.16.0, =17.39.3 and more Source cves: CVE-2026-22748 Source advisory:...

cn.herodotus.engine:oauth2-authorization-server-autoconfigure (>=3.4.0.0 <=3.4.0.1), cn.herodotus.engine:oauth2-core (>=3.4.0.0 <=3.4.0.1) +111 more potentially affected by CVE-2026-22748 via org.springframework.security:spring-security-oauth2-jose (>=6.4.0 <=6.4.13)

org.springframework.security:spring-security-oauth2-jose MAVEN version =6.4.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.5 and more Source cves: CVE-2026-22748 Source advisory:...

SUSE CVE-2026-6767

Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...