CVE-2026-28733 filemanagement_storage_service has a use-after-free vulnerability
in OpenHarmony v6.0 and prior versions that allows a local attacker to achieve arbitrary code execution...
CVE-2026-25850
CVE-2026-25850 concerns OpenHarmony, affecting v6.0 and earlier, where the component filemanagement_storage_service improperly preserves permissions. As a result, a local attacker can cause an information leak. The CVSS score is 5.5 (Medium); vectors: Local access, low attack complexity, low pri...
CVE-2026-25850 filemanagement_storage_service has an improper preservation of permissions vulnerability
in OpenHarmony v6.0 and prior versions that allows a local attacker to cause an information leak...
CVE-2026-28751 filemanagement_storage_service has an improper input validation vulnerability
in OpenHarmony v6.0 and prior versions that allows a local attacker to cause DoS...
CVE-2026-28751
Technical details about CVE-2026-28751 are not publicly provided in the supplied documents; please monitor for updates.
ALSA-2026:19348 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-6754 firefox: thunderbird: Spoofing...
ALSA-2026:18421 Moderate: luksmeta security update
LUKSMeta is a simple library for storing metadata in the LUKSv1 header. The luksmeta package is a dependency of the clevis and tang packages, together providing the Network Bound Disk Encryption (NBDE) in AlmaLinux. Security Fixes: luksmeta: Data corruption when handling LUKS1 partitions with...
EspoCRM cross-site scripting vulnerability
EspoCRM is an open-source, web-based Customer Relationship Management (CRM) system developed by EspoCRM. This system offers features such as sales automation, community management, and customer support. Versions of EspoCRM 9.3.3 and earlier contained a cross-site scripting vulnerability. This...
Nozomi Networks CMC and Nozomi Networks Guardian cross-site scripting vulnerability
Nozomi Networks CMC and Nozomi Networks Guardian are both products of Nozomi Networks, a company based in the United States. Nozomi Networks CMC is a network management platform. Nozomi Networks Guardian is a security software. Both Nozomi Networks CMC and Nozomi Networks Guardian have cross-site...
Nozomi Networks Guardian and Nozomi Networks CMC cross-site scripting vulnerability
Nozomi Networks Guardian and Nozomi Networks CMC are both products of the American company Nozomi Networks. Nozomi Networks Guardian is an IoT device and software inspection system. Nozomi Networks CMC is an application software that provides centralized OT and IoT security management. Both Nozom...
PT-2026-41947
An improper authentication vulnerability was discovered in the Motorola Factory Test component com.motorola.motocit. The application contained a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to open a TCP server, exposing...
PT-2026-42036
Summary 9router exposes two unauthenticated API endpoints that, when chained together, allow any network-adjacent attacker to execute arbitrary OS commands as the user running the 9router process — with zero prerequisites and no credentials required. The vulnerability exists because the Next.js...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-6754 firefox: thunderbird: Spoofing...
RHEL 9 : firefox (RHSA-2026:19201)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19201 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
CVE-2026-4137
In mlflow/mlflow versions prior to 3.11.0, the get_or_create_nfs_tmp_dir function in mlflow/utils/file_utils.py creates temporary directories with world-writable permissions 0o777, and the _create_model_downloading_tmp_dir function in mlflow/pyfunc/__init__.py creates directories with group-writable permissions...
GHSA-962Q-HWM5-52X5 OpenTelemetry eBPF Instrumentation: CappedConcurrentHashMap leaks keys after removals
Summary The custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-order queue when entries are deleted. In long-running instrumented JVMs, repeated connection churn can therefore grow the queue without bound and exhaust heap memory. Details Th...
Security Bulletin: Storage Virtualize Ansible Collection is affected by a vulnerability in the paramiko package
Summary Storage Virtualize Ansible Collection uses the paramiko package to provide common ssh capability. paramiko-4.0.0-py3-none-any.whl is vulnerable to CVE-2026-44405. Vulnerability Details CVEID:CVE-2026-44405 DESCRIPTION: In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1...