CVE-2026-44657 MantisBT: Stored XSS in File Download

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, using showinline=1 parameter and a valid fileshowinlinetoken CSRF token on filedownload.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. This vulnerability i...

EUVD-2026-33023

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, using showinline=1 parameter and a valid fileshowinlinetoken CSRF token on filedownload.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. This vulnerability i...

CVE-2026-44657

CVE-2026-44657 – MantisBT : Before version 2.28.2, an attacker can execute code by exploiting a stored XSS vector in file_download.php. When the request uses show_inline=1 together with a valid file_show_inline CSRF token and the uploader references a crafted XHTML attachment that points to a Jav...

CVE-2026-9126

An use after free flaw was found in the DOM component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496280532...

CVE-2026-46427

Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is DatasourceFieldType.PASSWORD. The Snowflake integration types its privateKey field as...

EUVD-2026-32989

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly sleep while holding a spinlock in notification handling code. The bug can be triggered by an unprivileged local user and can result in kernel panic or deadlock...

CVE-2026-47332 Out-of-bounds read in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly validate the size of an internal structure, leading to an out-of-bounds read in notification handling code. The bug can be triggered by an unprivileged local user and can result in information disclosure from adjacent...

CVE-2026-9119

A heap buffer overflow flaw was found in the WebRTC component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502661101...

CVE-2026-9115

An insufficient policy enforcement flaw was found in the Service Worker component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=495999481...

CVE-2026-9113

An out of bounds read flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=489585044...

PYSEC-0000-CVE-2026-45076

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This...

EUVD-2026-32950

Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.WarningInfo field. However, ParseSamlResponse never reads this field, meaning that time bounds are...

firefox security update

An update is available for firefox. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards...

SUSE-SU-2026:21914-1 Security update for python-idna

This update for python-idna fixes the following issue - CVE-2026-45409: specially crafted inputs to idna.encode can bypass earlier security fix bsc1265413...

CVE-2026-42250

CVE-2026-42250 describes an off‑by‑one error in the bzip2recover utility of bzip2. Processing a specially crafted file can trigger an out‑of‑bounds write to a global buffer, causing memory corruption and a denial of service (local impact). The issue is fixed in bzip2 version 1.0.9. Affected compo...

USN-8332-1: CRaC JDK 17 vulnerabilities

Thomas Beckers discovered that the JAXP component of CRaC JDK 17 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of CRa...

USN-8332-1 openjdk-17-crac vulnerabilities

Thomas Beckers discovered that the JAXP component of CRaC JDK 17 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of CRa...

USN-8330-1: OpenJDK 8 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 8 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the JSSE component of OpenJDK 8 d...

CVE-2026-46210

In the Linux kernel, the following vulnerability has been resolved: media: iris: fix use-after-free of fmtsrc during MBPF check During concurrency testing, multiple instances can run in parallel, and each instance uses its own inst-lock while the core-lock protects the list of active instances. T...

UBUNTU-CVE-2026-46120

In the Linux kernel, the following vulnerability has been resolved: ip6gre: Use cached t-net in ip6erspanchangelink. After commit 5e72ce3e3980 "net: ipv6: Use link netns in newlink of rtnllinkops", ip6erspannewlink correctly resolves the per-netns ip6gre hash via linknet. ip6erspanchangelink was...