CLSA-2026-1770395482 Fix CVE(s): CVE-2026-24515
SECURITY UPDATE: XMLExternalEntityParserCreate does not copy unknown encoding handler user data - debian/patches/CVE-2026-24515.patch: Fix a null pointer dereference in the XML parser caused by the failure to copy user data for unknown encoding handlers - CVE-2026-24515...
firefox: thunderbird: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
GO-2026-4396 OpenList vulnerable to Path Traversal in file copy and remove handlers in github.com/OpenListTeam/OpenList
OpenList vulnerable to Path Traversal in file copy and remove handlers in github.com/OpenListTeam/OpenList...
SUSE CVE-2026-23057
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Coalesce only linear skb. vsock/virtio common tries to coalesce buffers in rx queue: if a linear skb (with a spare tail room) is followed by a small skb (length limited by GOOD_COPY_LEN = 128), an attempt is made to join...
PT-2026-6520
OpenList vulnerable to Path Traversal in file copy and remove handlers in github.com/OpenListTeam/OpenList...
ROS-20260205-73-0033
A vulnerability in the current_password_store function of the dell-wmi-sysman driver of the Linux kernel is related to buffer copying without input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: use dst_dev_net_rcu() (CVE-2025-40075). Affected Packages: kernel. Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this...
ROS-20260205-73-0022
A vulnerability in the pktgen_thread_write function of the net/core/pktgen.c component of the Linux kernel is related to buffer copying without input validation. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and cause a denial ...
CVE-2026-25539
SiYuan is a personal knowledge management system. Prior to version 3.5.5, the /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution (RCE) by writing to sensitive...
CVE-2026-25539 SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE
SiYuan is a personal knowledge management system. Prior to version 3.5.5, the /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution (RCE) by writing to sensitive...
CVE-2026-25161 Alist vulnerable to Path Traversal in multiple file operation handlers
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains a path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal...
GHSA-X4Q4-7PHH-42J9 Alist vulnerable to Path Traversal in multiple file operation handlers
Summary: The application contains a Path Traversal vulnerability (CWE-22) in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal sequences into filename components, enabling unauthorised file removal, movement and copying across...