29713 matches found
Astra Linux – Vulnerability in Firefox
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Firefox
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Firefox
Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out-of-bounds memory access via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...
PT-2026-29453
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 146.0.7680.178 Description A heap buffer overflow in ANGLE within Google Chrome on Mac systems allows a remote attacker to potentially execute arbitrary code through a specially crafted HTML page. Recommendation...
MiracleLinux 8 : firefox-140.9.0-1.el8_10.ML.1 (AXSA:2026-373:06)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-373:06 advisory. firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-4701 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR...
RHEL 10 : thunderbird (RHSA-2026:6342)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:6342 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Use-after-free in the JavaScript Engin...
Important: Red Hat Security Advisory: General availability of the satellite/iop-insights-engine-rhel9 container image
A new satellite/iop-insights-engine-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services,...
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...
Applying security fundamentals to AI: Practical advice for CISOs
What to know about the era of AI The first thing to know is that AI isn’t magic The best way to think about how to effectively use and secure a modern AI system is to imagine it like a very new, very junior person. It’s very smart and eager to help but can also be extremely unintelligent. Like a...
EUVD-2026-17419
A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpointdir parameter in OfflineACE.run. The savetofile method in ace/skillbook.py fails to normalize or validate filesystem paths, allowing traversal sequences to...
CVE-2026-29870
A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpointdir parameter in OfflineACE.run. The savetofile method in ace/skillbook.py fails to normalize or validate filesystem paths, allowing traversal sequences to...
CVE-2026-4416
The Performance Library component of Gigabyte Control Center has an Insecure Deserialization vulnerability. Authenticated local attackers can send a malicious serialized payload to the EasyTune Engine service, resulting in privilege escalation...
CVE-2026-29870
A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpointdir parameter in OfflineACE.run. The savetofile method in ace/skillbook.py fails to normalize or validate filesystem paths, allowing traversal sequences to...
Agentic Context Engine 安全漏洞
Agentic Context Engine is an AI proxy learning and optimization framework developed by Kayba. Versions of Agentic Context Engine 0.7.1 and earlier contained security vulnerabilities. These vulnerabilities were caused by a directory traversal vulnerability in the checkpointdir parameter, which cou...
Mozilla Firefox and Mozilla Thunderbird Resource Management Error Vulnerability
Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A resource management error vulnerability exists in Mozilla Firefox and Mozilla...
Code execution vulnerability in multiple Mozilla products (CNVD-2026-16995)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products that...
KLA90963 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in CSS can be exploited to cause denial of service or execute...
PT-2026-29455
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 146.0.7680.178 Description An integer overflow in ANGLE on Windows allowed a remote attacker who had compromised the renderer process to perform an out-of-bounds memory write via a crafted HTML page...