RHEL 8 : thunderbird (RHSA-2026:0024)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0024 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Memory safety bugs fixed in Firefox ESR 140.6,...

RHEL 8 : firefox (RHSA-2026:0006)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0006 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

RHEL 9 : firefox (RHSA-2026:0017)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0017 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

RHEL 9 : firefox (RHSA-2026:0016)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0016 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

CVE-2026-21436

eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could escape the directory set by --destdir. This requires the installation of a package from a malicious or compromised source. Files in such packages would not be installed in the path given...

Remote Code Execution (RCE)

n8n is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient isolation in the Pyodide-based Python Code Node, which allows an authenticated attacker with workflow modification privileges to escape the sandbox and execute arbitrary commands on the host system running n8...

CVE-2025-13153

CVE-2025-13153 — The Logo Slider WordPress plugin prior to 4.9.0 does not validate or escape certain slider options before echoing them in the dashboard, enabling Stored XSS for users with contributor+ privileges. Root cause: insufficient input validation/escaping in the plugin’s dashboard output...

CVE-2026-21436

eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could escape the directory set by --destdir. This requires the installation of a package from a malicious or compromised source. Files in such packages would not be installed in the path given...

CVE-2026-21436 eopkg has Path Traversal: '../filedir' vulnerability

eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could escape the directory set by --destdir. This requires the installation of a package from a malicious or compromised source. Files in such packages would not be installed in the path given...

CVE-2026-21436 eopkg has Path Traversal: '../filedir' vulnerability

eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could escape the directory set by --destdir. This requires the installation of a package from a malicious or compromised source. Files in such packages would not be installed in the path given...

PT-2026-27386

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 149 Firefox ESR versions prior to 115.34 Firefox ESR versions prior to 140.9 Thunderbird versions prior to 149 Thunderbird versions prior to 140.9 Description A sandbox escape exists because of incorrect boundary...

PT-2026-27391

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 149 Firefox ESR versions prior to 115.34 Firefox ESR versions prior to 140.9 Thunderbird versions prior to 149 Thunderbird versions prior to 140.9 Description A sandbox escape issue exists in the Responsive Design Mod...

PT-2026-27388

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 149 Firefox ESR versions prior to 115.34 Firefox ESR versions prior to 140.9 Thunderbird versions prior to 149 Thunderbird versions prior to 140.9 Description A sandbox escape is possible due to incorrect boundary...

PT-2026-26510

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 146.0.7680.153 Description A flaw exists in the WebGL component of Google Chrome on Android that could allow a remote attacker to potentially escape the sandbox through a specially crafted HTML page. The issue...

PT-2026-24117

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.11 Description The node-tar software contains a flaw where it can be manipulated into creating a symbolic link that points outside the intended extraction directory. This is achieved by utilizing a drive-relative...

PT-2026-27389

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 149 Firefox ESR versions prior to 115.34 Firefox ESR versions prior to 140.9 Thunderbird versions prior to 149 Thunderbird versions prior to 140.9 Description A sandbox escape is possible due to incorrect boundary...

PT-2026-21693

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 148 Firefox ESR versions prior to 115.33 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird versions prior to 140.8 Description A sandbox escape is possible due to incorrect boundary...

PT-2026-21694

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 148 Firefox ESR versions prior to 115.33 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird versions prior to 140.8 Description A sandbox escape issue exists in the Graphics: WebRender...

PT-2026-26522

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 146.0.7680.153 Description A flaw exists in Google Chrome's Navigation feature due to inadequate validation of untrusted input. This could allow a remote attacker who has already compromised the renderer process...

PT-2026-26527

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 146.0.7680.153 Description A use-after-free issue exists in the Digital Credentials API of Google Chrome. A remote attacker compromising the renderer process could potentially achieve a sandbox escape through a...