OPENSUSE-SU-2026:20789-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues - Update to Firefox Extended Support Release 140.11.0 ESR MFSA 2026-48 bsc1265212. MFSA 2026-48: - CVE-2026-8388: Incorrect boundary conditions in the JavaScript Engine: JIT component. - CVE-2026-8391: Other issue in the JavaScript Engine...

Unity Linux 20.1070e Security Update: mariadb (UTSA-2026-016743)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016743 advisory. MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on...

Security Update for Windows Defender (May 2026) (CVE-2026-41091)

The Malware Protection Engine version of Microsoft Windows Defender installed on the remote Windows host is prior to 1.1.26040.8. It is, therefore, affected by a privilege escalation vulnerability: - Improper link resolution before file access 'link following' in Microsoft Defender allows an...

airalogy-engine (=0.0.2) potentially affected by CVE-2026-46703 via boxlite (=0.8.2)

boxlite PYPI version =0.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on boxlite and may be impacted: - airalogy-engine =0.0.2 Source cves: CVE-2026-46703 Source advisory: OSV:GHSA-F396-4RP4-7V2J...

@airalogy/airalogy-engine (>=0.0.1 <=0.0.2) potentially affected by CVE-2026-46703 via @boxlite-ai/boxlite (=0.8.2)

@boxlite-ai/boxlite NPM version =0.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on @boxlite-ai/boxlite and may be impacted: - @airalogy/airalogy-engine =0.0.1, =0.0.2 Source cves: CVE-2026-46703 Source advisory: OSV:GHSA-F396-4RP4-7V2J...

@airalogy/airalogy-engine (>=0.0.1 <=0.0.2) potentially affected by CVE-2026-46695 via @boxlite-ai/boxlite (=0.8.2)

@boxlite-ai/boxlite NPM version =0.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on @boxlite-ai/boxlite and may be impacted: - @airalogy/airalogy-engine =0.0.1, =0.0.2 Source cves: CVE-2026-46695 Source advisory: OSV:GHSA-G6WW-W5J2-R7X3...

airalogy-engine (=0.0.2) potentially affected by CVE-2026-46695 via boxlite (=0.8.2)

boxlite PYPI version =0.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on boxlite and may be impacted: - airalogy-engine =0.0.2 Source cves: CVE-2026-46695 Source advisory: OSV:GHSA-G6WW-W5J2-R7X3...

Exploit for Link Following in Microsoft

🛡️ CVE-2026-41091 - RedSun Microsoft Defender Elevation...

pocx

pocx 一个完善的 yaml poc 引擎，poc 定义在wiki中 使用方法参考 example/main.go...

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issue Update to Firefox Extended Support Release 140.11.0 ESR MFSA 2026-48 bsc1265212 CVE-2026-8388: Incorrect boundary conditions in the JavaScript Engine: JIT component. CVE-2026-8391: Other issue in the JavaScript Engine component...

SUSE-SU-2026:2039-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issue Update to Firefox Extended Support Release 140.11.0 ESR MFSA 2026-48 bsc1265212 - CVE-2026-8388: Incorrect boundary conditions in the JavaScript Engine: JIT component. - CVE-2026-8391: Other issue in the JavaScript Engine component. -...

CVE-2025-71212

CVE-2025-71212 affects Trend Micro Apex One Virus Scan Engine. A local attacker who can run low-privileged code can exploit a link-following weakness to escalate privileges via the VSApiNt.sys driver, as described by ZDI and mirrored in NVD. The vulnerability exists in the scan engine and can lea...

CVE-2025-71212

A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...

PT-2026-42604

Description Compiler::string escapes ", $, , NUL and TAB when generating PHP double-quoted string literals, but does not escape single quotes. In ModuleNode::compileConstructor, the template name from a % use % tag is compiled via subcompile - string and placed inside a surrounding PHP...

PT-2026-42591

Description The obj.expr dynamic-attribute syntax added in 3.15.0 as the replacement for the deprecated attribute function lets the attribute be an arbitrary expression. When the receiver is self or any % import % alias and the parenthesised expression is a string literal, DotExpressionParser...

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Evan NR in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions = 1.8.8...

firefox: thunderbird: Use-after-free in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...

firefox: thunderbird: Use-after-free in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via the column filter’s use of PHP arraycolumn. An attacker can bypass Twig sandbox property restrictions because arraycolumn accesses object...

Arbitrary Code Injection

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Arbitrary Code Injection via the obj.expr dynamic attribute syntax and MacroReferenceExpression::compile. An attacker can execute arbitrary PHP code by supplying a...