Linux Distros Unpatched Vulnerability : CVE-2026-2768

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

Linux Distros Unpatched Vulnerability : CVE-2026-2778

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox...

Linux Distros Unpatched Vulnerability : CVE-2026-2761

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs fixed in Firef...

PT-2026-22028

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.10.1 n8n versions prior to 2.9.3 n8n versions prior to 1.123.22 Description A second-order expression injection exists in Form nodes. This allows an unauthenticated attacker to inject and evaluate arbitrary expressions ...

Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypass

Summary Caddy's HTTP path request matcher is intended to be case-insensitive, but when the match pattern contains percent-escape sequences %xx it compares against the request's escaped path without lowercasing. An attacker can bypass path-based routing and any access controls attached to that rou...

GHSA-G7PC-PC7G-H8JH Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypass

Summary Caddy's HTTP path request matcher is intended to be case-insensitive, but when the match pattern contains percent-escape sequences %xx it compares against the request's escaped path without lowercasing. An attacker can bypass path-based routing and any access controls attached to that rou...

CVE-2026-27587

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP path request matcher is intended to be case-insensitive, but when the match pattern contains percent-escape sequences %xx it compares against the request's escaped path without lowercasing. An...

CVE-2026-27587 Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypass

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP path request matcher is intended to be case-insensitive, but when the match pattern contains percent-escape sequences %xx it compares against the request's escaped path without lowercasing. An...

GHSA-V264-XQH4-9XMM OneUptime:: node:vm sandbox escape in probe allows any project member to achieve RCE

Summary OneUptime lets project members write custom JavaScript that runs inside monitors. The problem is it executes that code using Node.js's built-in vm module, which Node.js itself documents as "not a security mechanism — do not use it to run untrusted code." The classic one-liner escape gives...

OneUptime:: node:vm sandbox escape in probe allows any project member to achieve RCE

Summary OneUptime lets project members write custom JavaScript that runs inside monitors. The problem is it executes that code using Node.js's built-in vm module, which Node.js itself documents as "not a security mechanism — do not use it to run untrusted code." The classic one-liner escape gives...

CVE-2026-27208

bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...

CVE-2026-2776

Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVE-2026-2778

Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVE-2026-2776

Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability affects Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVE-2026-2778

Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVE-2026-2768

Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVE-2026-2768

Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVE-2026-2760

Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVE-2026-2761

Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...