
58 matches found

SUSE CVE
added 2026/06/19 1:57 a.m., 4 views

SUSE CVE-2026-12318

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVSS 7.3 | AI score 5.8 | EPSS 0.00206
Exploits: 0 | References: 3

Github Security Blog
added 2026/05/19 8:0 p.m., 14 views

Regression in pymdownx.snippets reintroduces sibling-prefix path traversal bypass despite restrict_base_path

Summary: pymdownx.snippets has a regression of the CVE-2023-32309 / GHSA-jh85-wwv9-24hv fix. With restrict_base_path: True the default, the current filename.startswithbase containment check does not enforce a directory boundary. As a result, a markdown snippet directive can read files from sibling...

CVSS 7.5 | AI score 7 | EPSS 0.01558
Exploits: 1 | References: 3 | Affected Software: 1

Veracode
added 2026/05/15 5:3 a.m., 13 views

Arbitrary Code Injection

Enclave is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper enforcement of security boundaries in @enclave-vm/core, allowing attackers to escape the JavaScript sandbox environment and achieve arbitrary code execution on the host system...

CVSS 10 | AI score 6.4 | EPSS 0.00878
Exploits: 2 | References: 2 | Affected Software: 2

Cvelist
added 2026/05/06 4:10 p.m., 41 views

CVE-2026-7875 NanoClaw Host/Container Filesystem Boundary Vulnerability via Outbound Attachment Handling

NanoClaw version 1.2.0 and prior contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messagesout.id and...

CVSS 9.3 | EPSS 0.00148
Exploits: 0 | References: 3

Tenable Nessus
added 2026/04/29 12:0 a.m., 3 views

Mozilla Firefox ESR < 115.35.1

The version of Firefox ESR installed on the remote Windows host is prior to 115.35.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-37 advisory. - Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability wa...

CVSS 7.5 | AI score 6.1 | EPSS 0.00276
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/20 11:8 p.m., 4 views

CVE-2026-41295

OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code...

CVSS 8.5 | AI score 6.3 | EPSS 0.00133
Exploits: 0 | References: 4

Positive Technologies
added 2026/04/20 12:0 a.m., 9 views

PT-2026-33862

OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code...

CVSS 8.5 | AI score 6.3 | EPSS 0.00133
Exploits: 0 | References: 4

CNNVD
added 2026/04/02 12:0 a.m., 7 views

TP-Link Tapo C520WS security vulnerability

The TP-Link Tapo C520WS is a WiFi camera produced by TP-Link Corporation. The TP-Link Tapo C520WS v2.6 version contains a security vulnerability. This vulnerability arises from insufficient buffer boundary alignment and validation during the asynchronous parsing of local video stream content, whi...

CVSS 7.1 | AI score 5.9 | EPSS 0.00228
Exploits: 0 | References: 3

AstraLinux
added 2026/04/01 3:55 a.m., 4 views

Astra Linux – Vulnerability in Firefox

Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS 9.8 | AI score 5.4 | EPSS 0.00509
Exploits: 0 | References: 2

CNNVD
added 2026/03/26 12:0 a.m., 7 views

EVerest buffer error vulnerability

EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions prior to EVerest 2026.02.0 contained a buffer error vulnerability. This vulnerability stems from the function ISO15118chargerImpl::handlesessionsetup, which copies a variable-length list into ...

CVSS 9.1 | AI score 6 | EPSS 0.00272
Exploits: 0 | References: 1

NVD
added 2026/03/24 1:16 p.m., 3 views

CVE-2026-4710

Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

CVSS 9.8 | EPSS 0.00409
Exploits: 0 | References: 5

CNNVD
added 2026/03/24 12:0 a.m., 6 views

commonmark code issue vulnerability

Commonmark is a highly scalable PHP Markdown parser developed by The League of Extraordinary Packages. It fully supports the CommonMark and GFM specifications. Versions of Commonmark from 2.3.0 to 2.8.2 had code vulnerabilities. These vulnerabilities stemmed from the DomainFilteringAdapter in the...

CVSS 6.3 | AI score 5.9 | EPSS 0.00241
Exploits: 0 | References: 3

RedHat Linux
added 2026/03/02 5:52 a.m., 9 views

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software...

CVSS 10 | AI score 5.7 | EPSS 0.00487
Exploits: 0 | References: 6

SUSE CVE
added 2026/02/25 12:27 a.m., 3 views

SUSE CVE-2026-2788

Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS 6.3 | AI score 5.8 | EPSS 0.00416
Exploits: 0 | References: 14

OSV
added 2026/02/24 2:16 p.m., 5 views

UBUNTU-CVE-2026-2757

Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS 9.8 | AI score 7.3 | EPSS 0.00509
Exploits: 0 | References: 10

OSV
added 2026/02/24 2:16 p.m., 8 views

UBUNTU-CVE-2026-2759

Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS 9.8 | AI score 7.3 | EPSS 0.00399
Exploits: 0 | References: 10

Cvelist
added 2026/02/24 1:33 p.m., 18 views

CVE-2026-2788 Incorrect boundary conditions in the Audio/Video: GMP component

Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

EPSS 0.00416
Exploits: 0 | References: 6

CNNVD
added 2026/02/24 12:0 a.m., 6 views

Multiple Mozilla products security vulnerability

Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...

CVSS 9.8 | AI score 7.3 | EPSS 0.00622
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m., 22 views

EUVD-2025-30813

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.6 | EPSS 0.00397
Exploits: 0 | References: 2

Vulnrichment
added 2025/09/22 12:0 a.m., 3 views

CVE-2025-57601

AiKaan Cloud Controller uses a single hardcoded SSH private key and the username proxyuser for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Terminal" from the AiKaan dashboard, the controller sends this same static private key to the target...

AI score 6.7 | EPSS 0.00397
Exploits: 0 | References: 1