RHEL 8 : firefox (RHSA-2026:3492)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3492 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libvpx: Heap...

OESA-2026-1461 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

EUVD-2026-9049

@fastify/middie has Improper Path Normalization when Using Path-Scoped Middleware...

CVE-2026-2880

A vulnerability in @fastify/middie versions 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related...

This AI Agent Is Designed to Not Go Rogue

The new open source project IronCurtain uses a unique method to secure and constrain AI assistant agents before they flip your digital life upside down...

MAL-2026-1057 Malicious code in windowston (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a6a92aff7b9a6be04f3050f1895e2d53e77dd8c9eba110c970ab59c7d003d81 The package windowston was found to contain malicious code. Source: ghsa-malware 87bbab5dffef9e8b05cc36129ad2ac67f2c980f4b85ee393b0f23ee8fa15fd85 Any...

AlmaLinux 9 : firefox (ALSA-2026:3339)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:3339 advisory. libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs...

firefox: thunderbird: Undefined behavior in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Undefined behavior in the DOM: Core & HTML component...

firefox: thunderbird: Undefined behavior in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Undefined behavior in the DOM: Core & HTML component...

firefox: thunderbird: Undefined behavior in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Undefined behavior in the DOM: Core & HTML component...

Malicious code in react-devtools-raycast (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 389c48f69049121e3e54751b68803d75bb5d571de2c8caf9c5e5d21f970612f0 The package react-devtools-raycast was found to contain malicious code. Source: ossf-package-analysis...

SUSE CVE-2026-2771

Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

PT-2026-21911

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when...

Incorrect Behavior Order: Validate Before Canonicalize

Overview Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize via the splitPos function. An attacker can cause unintended execution of files by crafting URLs with specific Unicode characters that manipulate the path splitting logic, potentiall...

Incorrect Behavior Order: Validate Before Canonicalize

Overview Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize via the splitPos function. An attacker can cause unintended execution of files by crafting URLs with specific Unicode characters that manipulate the path splitting logic, potentiall...

CVE-2026-27589 Caddy vulnerable to cross-origin config application via local admin API /load (caddy)

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the local caddy admin API default listen 127.0.0.1:2019 exposes a state-changing POST /load endpoint that replaces the entire running configuration. When origin enforcement is not enabled enforceorigin not...

CVE-2026-2771

Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVE-2026-2771

Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

UBUNTU-CVE-2026-2771

Undefined behavior in the DOM: Core & HTML component. This vulnerability affects Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVE-2026-2771

Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...