Luanti 安全漏洞

Luanti is an open-source voxel game engine developed by Luanti itself, supporting mods and game creation. Versions of Luanti prior to 5.5.15.2 contained security vulnerabilities; these vulnerabilities stemmed from the possibility of Lua sandbox escape through specially crafted mods when using...

Google Chrome V8 Type Obfuscation Vulnerability (CNVD-2026-19167)

Google Chrome is a web browser developed by Google with a V8 engine for executing JavaScript code. A type confusion vulnerability exists in Google Chrome's V8 engine. The vulnerability stems from the engine's failure to properly handle object types and can be exploited by an attacker to perform...

PT-2026-33378

Name of the Vulnerable Software and Affected Versions zrok versions prior to 2.0.1 Description The proxyUi template engine utilizes Go's text/template, which does not perform HTML escaping, rather than html/template. The GitHub OAuth callback handlers in 'publicProxy' and 'dynamicProxy' embed the...

AlmaLinux 8 : thunderbird (ALSA-2026:6917)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:6917 advisory. firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-4701 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34...

RHEL 7 : firefox (RHSA-2026:8427)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:8427 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

RHEL 9 : thunderbird (RHSA-2026:8287)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:8287 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Use-after-free in the JavaScript Engine...

Fedora 42 : moby-engine (2026-49fd0d9636)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-49fd0d9636 advisory. - Update to release v29.4.0 - Resolves: rhbz2455894 - Resolves CVE-2026-34986: rhbz2455665 - Upstream new features and fixes Tenable has extracted the...

Fedora 43 : moby-engine (2026-a5015b57b9)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-a5015b57b9 advisory. - Update to release v29.4.0 - Resolves: rhbz2455894 - Resolves CVE-2026-34986: rhbz2455665 - Upstream new features and fixes Tenable has extracted the...

RHEL 10 : thunderbird (RHSA-2026:8315)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:8315 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Use-after-free in the JavaScript Engin...

Fedora: Security Advisory (FEDORA-2026-a5015b57b9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2026-49fd0d9636)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EUVD-2026-23092

Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...

Cross-site Scripting (XSS)

Overview apostrophe is a content management system CMS for Node.js. It supports in-context editing, schema-driven content types, flexible widgets and a great deal more. This module contains everything necessary to build a website with ApostropheCMS. Affected versions of this package are vulnerabl...

CVE-2026-6363

Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-6296

Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

Template Injection

Overview Affected versions of this package are vulnerable to Template Injection due to the TemplateEngine's improper invalidation of certain syntactic patterns during expression evaluation. An attacker can inject into sensitive objects to execute unauthorized actions. Remediation Upgrade...

Template Injection

Overview Affected versions of this package are vulnerable to Template Injection due to the TemplateEngine's improper restriction of accessible object scope during expression evaluation. An attacker can inject into sensitive objects to execute unauthorized actions. Remediation Upgrade...

Template Injection

Overview Affected versions of this package are vulnerable to Template Injection due to the TemplateEngine's improper restriction of accessible object scope during expression evaluation. An attacker can inject into sensitive objects to execute unauthorized actions. Remediation Upgrade...

CVE-2026-6363

Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-6363

Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...