16866 matches found
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox: thunderbird: Memor...
Mozilla Thunderbird < 147.0
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 147.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-04 advisory. - Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002807)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002807 advisory. Insufficient data validation in waitid allowed a user to escape sandboxes on Linux. Tenable has extracted the preceding description block directly from the Unity...
Mozilla Thunderbird < 140.7
The version of Thunderbird installed on the remote Windows host is prior to 140.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-05 advisory. - Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox 146, Thunderbird 146, Firefox...
Linux Distros Unpatched Vulnerability : CVE-2026-0881
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147. CVE-2026-0881 Note that Nessus relies on the...
EulerOS 2.0 SP10 : python3 (EulerOS-SA-2026-1057)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : There is a defect in the CPython 'tarfile' module affecting the 'TarFile' extraction and entry enumeration APIs. The tar implementation would...
EulerOS 2.0 SP10 : busybox (EulerOS-SA-2026-1021)
According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences. CVE-2025-463...
ALSA-2026:0667 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox: thunderbird: Memor...
ALSA-2026:0694 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox: thunderbird: Memor...
EulerOS 2.0 SP12 : docker-runc (EulerOS-SA-2026-1087)
According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 throug...
EulerOS 2.0 SP10 : busybox (EulerOS-SA-2026-1042)
According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences. CVE-2025-463...
Debian dla-4439 : firefox-esr - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4439 advisory. Debian LTS Advisory DLA-4439-1...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003234)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003234 advisory. Insufficient data validation in waitid allowed a user to escape sandboxes on Linux. Tenable has extracted the preceding description block directly from the Unity...
EulerOS 2.0 SP12 : docker-runc (EulerOS-SA-2026-1067)
According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 throug...
EulerOS 2.0 SP12 : python3 (EulerOS-SA-2026-1078)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs potentially leading to...
RHEL 8 / 9 : OpenShift Container Platform 4.18.31 (RHSA-2026:0331)
The remote Red Hat Enterprise Linux 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0331 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
CVE-2026-22686
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm that allows untrusted, sandboxed JavaScript code to execute arbitrary code in the host Node.js runtime. When a tool invocation fails,...
CLSA-2026-1768410745 aide: Fix of CVE-2025-54389
CVE-2025-54389: escape filenames in error/log messages to prevent terminal escape sequence injection...
enclave-vm Vulnerable to Sandbox Escape via Host Error Prototype Chain
A critical sandbox escape vulnerability exists in enclave-vm (affected: 2.6.0, patched: 2.7.0) that can allow untrusted, sandboxed JavaScript to execute arbitrary code in the host Node.js runtime. When a tool invocation fails, enclave-vm exposes a host-side Error object to sandboxed code. This Erro...
GHSA-7QM7-455J-5P63 enclave-vm Vulnerable to Sandbox Escape via Host Error Prototype Chain
A critical sandbox escape vulnerability exists in enclave-vm (affected: 2.6.0, patched: 2.7.0) that can allow untrusted, sandboxed JavaScript to execute arbitrary code in the host Node.js runtime. When a tool invocation fails, enclave-vm exposes a host-side Error object to sandboxed code. This Erro...