CVE-2026-1999

CVE-2026-1999 affects GitHub Enterprise Server and is an incorrect authorization vulnerability in the enable_auto_merge mutation for pull requests. An attacker could merge their own PR into a repository without push access under specific conditions: the repository must allow forking, a clean PR s...

CVE-2025-9543

CVE-2025-9543 (FlexTable – Data Table Sync with Google Sheets): A stored cross-site scripting vulnerability exists in FlexTable WordPress plugin versions before 3.19.2 where unfiltered links imported from Google Sheet cells are not properly sanitized/escaped. This could allow a high-privilege use...

WordPress GiveWP plugin <= 3.19.2 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by PetrusViet in WordPress Plugin GiveWP versions = 3.19.2...

OPENSUSE-SU-2025:15779-1 helm3-3.19.2-1.1 on GA media

These are all security issues fixed in the helm3-3.19.2-1.1 package on the GA media of openSUSE Tumbleweed...

Security update for MozillaFirefox, mozilla-nss (important)

MozillaFirefox was updated to version 39.0 to fix 21 security issues. These security issues were fixed: - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards bsc935979. - CVE-2015-2727: Local files or privileged URLs in pages can be opened into new tabs bsc935979. -...

Ubuntu 14.04 LTS : NSS vulnerabilities (USN-2672-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2672-1 advisory. Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a...

USN-2672-1 nss vulnerabilities

Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property...