29713 matches found
PT-2026-29427
Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.62.2 Description: File Browser versions prior to 2.62.2 are susceptible to Stored Cross-Site Scripting XSS via admin-controlled branding fields. An administrator setting the branding.name field to a malicious...
CVE-2026-29870
The CVE-2026-29870 entry describes a directory traversal in the agentic-context-engine (versions up to 0.7.1) that enables arbitrary file writes via the checkpoint_dir parameter in OfflineACE.run. The root cause is that save_to_file in ace/skillbook.py does not normalize or validate filesystem pa...
PT-2026-29270
A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpoint dir parameter in OfflineACE.run. The save to file method in ace/skillbook.py fails to normalize or validate filesystem paths, allowing traversal sequences...
Code execution vulnerability in multiple Mozilla products (CNVD-2026-17000)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products. The...
CVE-2026-29870
A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpointdir parameter in OfflineACE.run. The savetofile method in ace/skillbook.py fails to normalize or validate filesystem paths, allowing traversal sequences to...
CVE-2026-4257 Contact Form by Supsystic <= 1.7.36 - Unauthenticated Server-Side Template Injection via Prefill Functionality
The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection SSTI leading to Remote Code Execution RCE in all versions up to, and including, 1.7.36. This is due to the plugin using the Twig TwigLoaderString template engine without sandboxing, combined with th...
ALPINE-CVE-2026-21717
A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...
@kontaa/subgraph (>=1.0.1 <=1.2.3), @kontaa/utils (>=1.2.1 <=1.2.3) +6 more potentially affected by CVE-2026-34373 via parse-server (>=5.6.0 <=7.5.4)
parse-server NPM version =5.6.0, =1.0.1, =1.2.1, =2.4.46, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.1 - servable-publishable =1.1.0 Source cves: CVE-2026-34373 Source advisory: OSV:GHSA-Q3P6-G7C4-829C...
com.agentsflex:agents-flex-bom (>=2.1.1 <=2.1.3), com.agentsflex:agents-flex-mcp (>=2.0.0 <=2.1.3) +28 more potentially affected by CVE-2026-34237 via io.modelcontextprotocol.sdk:mcp-core (=1.0.0)
io.modelcontextprotocol.sdk:mcp-core MAVEN version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on io.modelcontextprotocol.sdk:mcp-core and may be impacted: - com.agentsflex:agents-flex-bom =2.1.1, =2.0.0, =2.1.1, =2.0.4, =0.1.1, =0.1.1,...
firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component...
firefox: thunderbird: Use-after-free in the JavaScript Engine component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...
firefox: thunderbird: JIT miscompilation in the JavaScript Engine component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the JavaScript Engine component...
firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the JavaScript Engine: JIT component...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
EUVD-2026-17071
The Performance Library component of Gigabyte Control Center has an Insecure Deserialization vulnerability. Authenticated local attackers can send a malicious serialized payload to the EasyTune Engine service, resulting in privilege escalation...
CVE-2026-4416
The Performance Library component of Gigabyte Control Center has an Insecure Deserialization vulnerability. Authenticated local attackers can send a malicious serialized payload to the EasyTune Engine service, resulting in privilege escalation...
CVE-2026-4416
The CVE-2026-4416 entry concerns Gigabyte Control Center’s Performance Library, where an Insecure Deserialization vulnerability in the EasyTune Engine service allows authenticated local attackers to send a crafted serialized payload and achieve privilege escalation. The NVD/NVD-derived metrics in...
CVE-2026-4416 GIGABYTE|Performance Library - Insecure Deserialization
The Performance Library component of Gigabyte Control Center has an Insecure Deserialization vulnerability. Authenticated local attackers can send a malicious serialized payload to the EasyTune Engine service, resulting in privilege escalation...
CVE-2026-4416 GIGABYTE|Performance Library - Insecure Deserialization
The Performance Library component of Gigabyte Control Center has an Insecure Deserialization vulnerability. Authenticated local attackers can send a malicious serialized payload to the EasyTune Engine service, resulting in privilege escalation...
CVE-2026-4416
The Performance Library component of Gigabyte Control Center has an Insecure Deserialization vulnerability. Authenticated local attackers can send a malicious serialized payload to the EasyTune Engine service, resulting in privilege escalation...