
35 matches found

Brave Browser
added 2026/05/28 4:16 a.m. · 17 views

Brave Desktop 1.90.128 Security Fixes

Updated wallet to handle more "Permit" type warnings in the "Sign" panel as reported on HackerOne by syarif07. - Fix wallet provider binding issue as reported on HackerOne by shinchan69. Upgraded Chromium to 148.0.7778.217 — refer to Google Chrome advisories for inherited CVEs...

5.8 AI score
Exploits 0 · References 3 · Affected Software 1

Brave Browser
added 2026/05/28 4:16 a.m. · 4 views

Brave Android 1.90.128 Security Fixes

Fix wallet provider binding issue as reported on HackerOne by shinchan69. Upgraded Chromium to 148.0.7778.217 — refer to Google Chrome advisories for inherited CVEs...

5.8 AI score
Exploits 0 · References 2 · Affected Software 1

Github Security Blog
added 2026/05/19 8:3 p.m. · 8 views

Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning

Summary: The `/__nuxt_island/` endpoint accepts attacker-controlled props query/body parameters and renders any island component without verifying that the URL-resident hash .json was actually issued for those inputs by . The hash is computed and embedded client-side but never validated server-side, so...

6 AI score
Exploits 0 · References 3 · Affected Software 2

CVE
added 2026/05/06 8:34 a.m. · 8 views

CVE-2026-40010

CVE-2026-40010 describes a session-fixation risk in Apache Wicket caused by missing invocation of Servlet http web request method changeSessionId after session binding. Affected versions are Wicket 8.0.0–8.17.0, 9.0.0, and 10.0.0–10.8.0. The issue can be mitigated by upgrading to version 10.9.0, ...

9.1 CVSS · 5.7 AI score · 0.00111 EPSS
Exploits 0 · References 2 · Affected Software 1

AstraLinux
added 2026/05/03 11:59 p.m. · 1 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY. It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept also has port...

7.8 CVSS · 6.5 AI score · 0.00024 EPSS
Exploits 0 · References 2

NVD
added 2026/03/20 5:16 a.m. · 0 views

CVE-2026-33013

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions prior to both 4.10.16 and 3.10.5 do not correctly handle descending array index order during form-urlencoded body binding in...

8.2 CVSS · 0.00288 EPSS
Exploits 1 · References 5

EUVD
added 2026/03/12 4:38 p.m. · 1 views

EUVD-2026-11679

Tinyauth's OIDC authorization codes are not bound to client on token exchange...

6.5 CVSS · 5.8 AI score · 0.00055 EPSS
Exploits 1 · References 3

RedhatCVE
added 2026/02/20 7:40 p.m. · 2 views

CVE-2026-26057

Skill Scanner is a security scanner for AI Agent Skills that detects prompt injection, data exfiltration, and malicious code patterns. A vulnerability in the API Server of Skill Scanner could allow an unauthenticated, remote attacker to interact with the server API and either trigger a denial of...

9.1 CVSS · 6.1 AI score · 0.00067 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2025/12/18 12:0 a.m. · 0 views

Mozilla Firefox < 2.0.0.19

The version of Firefox installed on the remote Windows host is prior to 2.0.0.19. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2008-68 advisory. - Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x...

6.8 CVSS · 8.3 AI score · 0.04686 EPSS
Exploits 0 · References 7

Tenable Nessus
added 2025/11/11 12:0 a.m. · 1 views

SUSE SLES15 Security Update : kernel (Live Patch 42 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2025:4040-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4040-1 advisory. This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.170 fixes various security issues. The following security issues were fixed: ...

7.8 CVSS · 7.2 AI score · 0.00046 EPSS
Exploits 0 · References 17

SUSE Linux
added 2025/11/10 8:14 a.m. · 1 views

Security update for the Linux Kernel (Live Patch 62 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise kernel 4.12.14-122.234 fixes various security issues. The following security issues were fixed: CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249847). CVE-2025-38617: net/packet: fix a race in packet_set_ring and packet_notifier...

7.3 CVSS · 7 AI score · 0.00046 EPSS
Exploits 0 · References 14

SUSE Linux
added 2025/11/05 4:33 p.m. · 2 views

Security update for kernel-livepatch-MICRO-6-0_Update_9

This update for kernel-livepatch-MICRO-6-0_Update_9 fixes the following issues: CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg (bsc#1248631). CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207). CVE-2025-38617: net/packet: fix a race in packet_set_ring and...

7.3 CVSS · 7.9 AI score · 0.00046 EPSS
Exploits 0 · References 12

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2013-2397

Malware in sbrugna...

3.7 CVSS · 7.3 AI score · 0.00133 EPSS
Exploits 0 · References 30

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2014-1665

Malware in sbrugna...

6.8 CVSS · 7.8 AI score · 0.00305 EPSS
Exploits 0 · References 8

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2007-2473

Malware in sbrugna...

4.6 CVSS · 6.4 AI score · 0.00059 EPSS
Exploits 0 · References 4

Rockylinux
added 2025/10/03 7:56 p.m. · 6 views

kernel security update

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The kernel packages contain the Linux kernel, the core of any Linux operating...

7.8 CVSS · 6.5 AI score · 0.18032 EPSS
Exploits 4

Positive Technologies
added 2025/09/15 12:0 a.m. · 3 views

PT-2025-37850

Name of the Vulnerable Software and Affected Versions: macOS Tahoe version 26 macOS Sequoia versions 15.7 macOS Sonoma version 14.8 tvOS version 26 visionOS version 26 watchOS version 26 iOS versions prior to 18.7 iPadOS versions prior to 18.7 Description: A logic issue was addressed with improve...

10 CVSS · 5.7 AI score · 0.00182 EPSS
Exploits 0 · References 22

Tenable Nessus
added 2025/08/31 12:0 a.m. · 1 views

Linux Distros Unpatched Vulnerability : CVE-2023-32249

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: not allow guest user on multichannel This patch return STATUS_NOT_SUPPORTED if binding session is guest. CVE-2023-32249 Note that Nessus relies on the...

5.5 CVSS · 6.6 AI score · 0.00046 EPSS
Exploits 0 · References 2

Ubuntu
added 2025/08/14 5:45 a.m. · 4 views

USN-7695-1: Sidekiq vulnerabilities

Anas Roubi discovered that Sidekiq did not correctly sanitize certain inputs. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-30151) It was discovered that Sidekiq did not correctly...

7.5 CVSS · 6.8 AI score · 0.139 EPSS
Exploits 2

Positive Technologies
added 2025/06/18 12:0 a.m. · 10 views

PT-2025-25898 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the XDP SHARED UMEM mode in the Linux kernel, where packets are corrupted for the second and any further sockets bound to the same umem. This does not affect th...

7.8 CVSS · 5.9 AI score · 0.0282 EPSS
Exploits 16 · References 558