firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs are present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of...

CVE-2026-28733

in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution...

EUVD-2026-30834

in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution...

CVE-2026-28733

in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution...

CVE-2026-33233

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path serializes values with...

CVE-2025-51427

ModelScope 1.25.0 is affected by CVE-2025-51427. The issue allows arbitrary code execution via a crafted module listed in the deployment’s configuration file (dey_mini.yaml) under the key ['nnet']['module']. The root cause is a unsafe module loading path in the configuration, enabling an attacker...

PT-2026-41928

Name of the Vulnerable Software and Affected Versions Firefox versions 140.10 through 150 Thunderbird versions 140.10 through 150 Description Memory safety bugs involving memory corruption could allow an attacker to run arbitrary code. Recommendations Update Firefox to version 151 or ESR 140.11...

Mozilla Thunderbird 缓冲区错误漏洞

Mozilla Thunderbird is an email client software developed by the Mozilla Foundation in the United States, and it is a separate product from the Mozilla Application Suite. This software supports IMAP and POP email protocols, as well as HTML email formats. Versions 140.10 and 150 of Mozilla...

ALSA-2026:19009 Important: postgresql18 security update

PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

ALSA-2026:19359 Important: openexr security update

OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR. Security Fixes:...

RHEL 10 : systemd (RHSA-2026:19068)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19068 advisory. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive...

Mozilla Firefox < 151.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 151.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-46 advisory. - Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs...

RHEL 9 : systemd (RHSA-2026:19213)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19213 advisory. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive...

MiracleLinux 9 : libpng-1.6.37-12.el9_7.4 (AXSA:2026-641:09)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-641:09 advisory. libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 Tenable has extracted the preceding description block directly fro...

MiracleLinux 8 : nginx:1.24 (AXSA:2026-645:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-645:01 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the MiracleLinux...

ALSA-2026:19010 Important: postgresql16 security update

PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

OpenHarmony 安全漏洞

OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contained security vulnerabilities, allowing attackers to execute arbitrary code in pre-installed applications...

OpenHarmony 缓冲区错误漏洞

OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contained a buffer error vulnerability, which allowed attackers to execute arbitrary code in pre-installed applications...

OpenHarmony 资源管理错误漏洞

OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contained a resource management vulnerability that allowed attackers to execute arbitrary code...

ModelScope 代码注入漏洞

ModelScope is an open-source model service and inference training platform developed by ModelScope. Version 1.25.0 of ModelScope contains a code injection vulnerability. This vulnerability stems from allowing attackers to execute arbitrary code by using a specially crafted module listed under the...