7061 matches found
PT-2026-27422
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 149 Thunderbird versions prior to 149 Description An undefined behavior issue exists in the Audio/Video component. This can lead to unexpected program behavior. Recommendations Update Firefox to version 149 or later...
Mozilla多款产品 安全漏洞
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products due to...
Not All Tokens Are Created Equal: Query-Efficient Jailbreak Fuzzing for LLMs
Large Language ModelsLLMs are widely deployed, yet are vulnerable to jailbreak prompts that elicit policy-violating outputs. Although prior studies have uncovered these risks, they typically treat all tokens as equally important during prompt mutation, overlooking the varying contributions of...
Mozilla -- Multiple vulnerabilities
CVE-2026-4729: Memory safety bugs CVE-2026-4728: Spoofing issue in the Privacy: Anti-Tracking component. CVE-2026-4727: Denial-of-service in the Libraries component in NSS. CVE-2026-4726: Denial-of-service in the XML component. CVE-2026-4725: Sandbox escape due to use-after-free in the Graphics:...
MAL-2026-2122 Malicious code in rowrapee (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 398cfbdac2d3602a5c9836408942993c3f2bbcda911184825f01cf9937fb035e The package hides code to download and start malicious script containing malware, identified as adware. The triggering method seems to be PTH file, although it...
Malicious code in repo-typescript-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c009aa720ff70075b05dfa732a4d21fb40241c526d6615825dea97202843b252 The package repo-typescript-config was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2009 Malicious code in repo-typescript-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c009aa720ff70075b05dfa732a4d21fb40241c526d6615825dea97202843b252 The package repo-typescript-config was found to contain malicious code. Source: ghsa-malware...
Behavior Injection Remote Code Execution (RCE)
Craft CMS is vulnerable to Behavior Injection Remote Code Execution RCE. The vulnerability is due to improper handling of behavior injection in ElementIndexesController and FieldsController, which allows an attacker with admin privileges and enabled admin changes to execute arbitrary code...
CVE-2026-32810
Halloy is an IRC app written in Rust. Before commit f180e41061db393acf65bc99f5c5e7397586d9cb, Halloy creates its config directory and files with default umask permissions (typically 0644 files, 0755 dirs), allowing any local user to read plaintext credentials in config.toml or referenced password...
EUVD-2025-208899
An improper neutralization of escape, meta, or control sequences vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to cause unexpected behavior. We have already fixed the vulnerability in the following...
CVE-2025-62845
An improper neutralization of escape, meta, or control sequences vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to cause unexpected behavior. We have already fixed the vulnerability in the following...
CVE-2025-62845 QuRouter
An improper neutralization of escape, meta, or control sequences vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to cause unexpected behavior. We have already fixed the vulnerability in the following...
PT-2026-26635
Name of the Vulnerable Software and Affected Versions QHora versions prior to 2.6.3.009 Description An improper neutralization of escape, meta, or control sequences vulnerability exists in QHora. A local attacker with administrator privileges can exploit this issue to cause unexpected behavior...
EUVD-2026-13099
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...
CVE-2026-4426
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...
CVE-2026-4426
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...
CVE-2026-4426
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...
CVE-2026-4426
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...
PT-2026-26344
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function AclMain::zhAclCheck only checks for the presence of any "allow" user or group. It never checks for explicit "deny" allowed=0. As a result,...
libarchive 安全漏洞
Libarchive is an open-source multi-format archive and compression library developed by Libarchive. There is a security vulnerability in Libarchive, which stems from undefined behavior in the zisofs decompression logic. The improper validation of the pzlog2bs field read from the ISO9660 Rock Ridge...