KLA91060 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. Security...

CVE-2026-45492 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

...

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

KLA91045 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions, spoof user interface, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Denial ...

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

NPM: Flowise has an MCP Security Bypass that Enables RCE

NPM: Flowise has an MCP Security Bypass that Enables RCE vulnerability discovered by ? in WordPress Npm flowise-components versions = 3.1.1...

NPM: Flowise has an MCP Security Bypass that Enables RCE

NPM: Flowise has an MCP Security Bypass that Enables RCE vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

GHSA-M99R-2HXC-CP3Q Flowise has an MCP Security Bypass that Enables RCE

Summary There are three bypass methods for the security limitations of the Flowise MCP feature, and attackers can execute arbitrary commands by combining these three methods Details 【Vulnerability one】The Docker build subcommand not being on the blocklist leads to remote code execution The attack...

CVE-2026-40976

A flaw was found in Spring Boot. Under specific conditions, including being a servlet-based web application without custom Spring Security configuration and relying on the default web security filter chain, a remote attacker could bypass security. This allows unauthorized access to all applicatio...

nuxt-og-image 代码问题漏洞

nuxt-og-image is a tool developed by Nuxt Modules for generating social media previews for Nuxt applications. Versions of nuxt-og-image from 6.2.5 to 6.4.9 had code issues and vulnerabilities. These vulnerabilities stemmed from an incomplete blocklist for the isBlockedUrl function, which could le...

KLA91052 Multiple vulnerabilities in PostgreSQL

Multiple vulnerabilities were found in PostgreSQL. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Heap buffer overflow vulnerability in refint can be exploited to...

vCluster Platform 跨站脚本漏洞

vCluster Platform is an open-source virtual cluster manager developed by vCluster. Versions prior to vCluster Platform 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from a storage-type cross-site scripting in the name field of the...

EUVD-2026-29922

A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...

CVE-2026-34647

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...

EUVD-2026-29955

Improper Input Validation in the NAT64 translator in The OpenThread Authors OpenThread before commit 26a882d on all platforms allows an attacker on the adjacent IPv4 network to inject corrupted IPv6 packets into the Thread mesh or bypass security checks via crafted IPv4 packets with options...

CVE-2026-0236 Prisma Browser: Code Injection Enables Security Controls Bypass

A code injection vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to its AppleScript interface allowing a locally authenticated non-admin user to leverage this exposed Apple Event handler to send unauthorized commands to the browser...

CVE-2026-0237 Prisma Browser: Improperly Restricted Automation Bridge Allows Security Bypass

An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authenticated non-admin user to leverage an exposed communication channel to send unauthorized commands t...

CVE-2026-0237 Prisma Browser: Improperly Restricted Automation Bridge Allows Security Bypass

An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authenticated non-admin user to leverage an exposed communication channel to send unauthorized commands t...

CVE-2026-8369

Improper Input Validation in the NAT64 translator in The OpenThread Authors OpenThread before commit 26a882d on all platforms allows an attacker on the adjacent IPv4 network to inject corrupted IPv6 packets into the Thread mesh or bypass security checks via crafted IPv4 packets with options...

CVE-2026-8369

CVE-2026-8369 describes an issue in the NAT64 translator of The OpenThread Authors’ OpenThread (affected: OpenThread before commit 26a882d, on all platforms) caused by improper input validation. The vulnerability enables an attacker on an adjacent IPv4 network to inject corrupted IPv6 packets int...