7061 matches found
CVE-2026-2771
CVE-2026-2771 is an undefined-behavior vulnerability in the DOM: Core & HTML component of Mozilla Firefox/Thunderbird family that was fixed in Firefox 148, Firefox ESR 115.33 and 140.8, Thunderbird 148 and 140.8. The issue is reported across multiple advisories (Astra Linux bulletin and Amazon Li...
CVE-2026-2771 Undefined behavior in the DOM: Core & HTML component
Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
CVE-2026-2771 Undefined behavior in the DOM: Core & HTML component
Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
CVE-2026-2771
Undefined behavior in the DOM: Core & HTML component. This vulnerability affects Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
EUVD-2026-8493
Undefined behavior in the DOM: Core & HTML component. This vulnerability affects Firefox 148, Firefox ESR 115.33, and Firefox ESR 140.8...
CVE-2026-2771
Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Expected Behavior Violation
Overview Affected versions of this package are vulnerable to Expected Behavior Violation via the PFCP Association Setup Request process. An attacker can cause service disruption and trigger reconnection loops by sending a malformed request that is incorrectly accepted, resulting in an inconsisten...
Multiple Mozilla Products Security Vulnerability
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of Firefox the web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A security bypass vulnerability exists in several Mozilla products that...
Mozilla -- Undefined behavior in the DOM: Core & HTML component
https://bugzilla.mozilla.org/showbug.cgi?id=2014593 reports: Undefined behavior in the DOM: Core & HTML component...
mod_md: Apache HTTP Server: mod_md (ACME), unintended retry intervals
An integer overflow flaw has been discovered in the Apache HTTP server. The integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated...
Malicious code in vl-ui-button (npm)
Source: amazon-inspector 1e34ef0af8a8e8cc96afd0941b0fe2a5259eb4d2cf73564c5dde8b97a2bdf766 The package vl-ui-button was found to contain malicious code. Source: ossf-package-analysis...
Remote Code Execution (RCE)
craftcms/cms is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper sanitization of user-supplied configuration data in the assembleLayoutFromPost function before passing it to Craft::createObject, which allows an authenticated administrator to inject malicious Yii2...
CVE-2026-27007
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, normalizeForHash in src/agents/sandbox/config-hash.ts recursively sorted arrays that contained only primitive values. This made order-sensitive sandbox configuration arrays hash to the same value even when order changed. In OpenClaw...
CVE-2026-27017
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...
AZL-78123 CVE-2026-26958 affecting package keda 2.14.1-11
filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If Point.MultiScalarMult i...
GHSA-FW7P-63QQ-7HPR filippo.io/edwards25519 MultiScalarMult produces invalid results or undefined behavior if receiver is not the identity
Point.MultiScalarMult failed to initialize its receiver. If the method was called on an initialized point that is not the identity point, MultiScalarMult produced an incorrect result. If the method was called on an uninitialized point, the behavior was undefined. In particular, if the receiver wa...
filippo.io/edwards25519 MultiScalarMult produces invalid results or undefined behavior if receiver is not the identity
Point.MultiScalarMult failed to initialize its receiver. If the method was called on an initialized point that is not the identity point, MultiScalarMult produced an incorrect result. If the method was called on an uninitialized point, the behavior was undefined. In particular, if the receiver wa...
Malicious code in abcxyzz (npm)
Source: amazon-inspector 8b953a8183a1a7ba906c9117e8afe658b2606311b606d8b3ecad680076fc51e9 The package abcxyzz was found to contain malicious code. Source: ossf-package-analysis b22a45e3a267d5930d5e8dfdb52954bf049c7b63a9bdb0818e5daff1191e74...
GO-2026-4478 Mattermost Server SAML implementation does not require encryption or signature verification as default in github.com/mattermost/mattermost-server
Mattermost Server SAML implementation does not require encryption or signature verification as default in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this ...
Malicious code in realestate-ask (npm)
Source: amazon-inspector bc4db310e1c17bbf02575dc3a75ab56d4d38581001d31617c583443f7d88a126 The package realestate-ask was found to contain malicious code. Source: ghsa-malware 75a155e1870bd51f018f66476427d1da99c87cbbcab800c354dad13f76b67c3b...