329 matches found
CVE-2026-27587 Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypass
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP path request matcher is intended to be case-insensitive, but when the match pattern contains percent-escape sequences %xx it compares against the request's escaped path without lowercasing. An...
PT-2026-21820
Name of the Vulnerable Software and Affected Versions FreeBSD affected versions not specified Description A critical flaw exists in FreeBSD that allows a jailed process to escape its confinement. Successful exploitation of this issue can lead to full filesystem access, effectively breaking the...
Caddy 安全漏洞
Caddy is an open-source, cross-platform HTTP/Web server developed by the Caddy company. Versions of Caddy prior to 2.11.1 contained security vulnerabilities. These vulnerabilities stemmed from the HTTP path request matcher’s sensitivity to case differences when processing patterns that included...
PT-2026-21819
By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic...
CVE-2026-2472 Stored Cross-Site Scripting (XSS) in Vertex AI Python SDK Visualization
Stored Cross-Site Scripting XSS in the genai/evalsvisualization component of Google Cloud Vertex AI SDK google-cloud-aiplatform versions from 1.98.0 up to but not including 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment...
Important: firefox
Issue Overview: Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox 146. CVE-2025-14327 Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox 147, Firefox ESR 115.32, and Firefox ESR 140.7. CVE-2026-0877 Sandbox escape due to incorrec...
Important: thunderbird
Issue Overview: Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox 146. CVE-2025-14327 CSS-based exfiltration of the content from partially encrypted emails when allowing remote content. This vulnerability affects Thunderbird 147.0.1 and Thunderbird 140.7.1...
AlmaLinux 8 : firefox (ALSA-2026:0667)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:0667 advisory. firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox:...
ALSA-2026:2286 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.7,...
RHEL 10 : thunderbird (RHSA-2026:2286)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:2286 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Spoofing issue in the Downloads Panel component...
EUVD-2026-5592
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandbox escape is possible by shadowing hasOwnProperty on a sandbox object, which disables prototype whitelist enforcement in the property-access path. This permits direct access to proto and other blocked prototype properties,...
SandboxJS security vulnerability
SandboxJS is a security assessment tool developed by nyariv. Versions of SandboxJS prior to 0.8.26 contained security vulnerabilities. These vulnerabilities stemmed from the lack of isolation of AsyncFunctions within SandboxFunctions, which could lead to sandbox escapes and remote code execution...
He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive
A source trapped inside an industrial-scale scamming operation contacted me, determined to expose his captors’ crimes—and then escape. This is his story...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.47 packages and security update
Red Hat OpenShift Container Platform release 4.17.47 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...
Updated nss & firefox packages fix security vulnerabilities
Mitigation bypass in the DOM: Security component. CVE-2026-0877 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. CVE-2026-0878 Sandbox escape due to incorrect boundary conditions in the Graphics component. CVE-2026-0879 Sandbox escape due to integer...
MiracleLinux 8 : postgresql:10 (AXSA:2021-1514:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1514:01 advisory. postgresql: Reconnection can downgrade connection security settings CVE-2020-25694 postgresql: Multiple features escape security restricted operatio...
RockyLinux 9 : firefox (RLSA-2026:0694)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:0694 advisory. firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox:...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.31 packages and security update
Red Hat OpenShift Container Platform release 4.18.31 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...
Mozilla Thunderbird < 140.7
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-05 advisory. - Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox 146, Thunderbird 146...
Mozilla Thunderbird < 147.0
The version of Thunderbird installed on the remote Windows host is prior to 147.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-04 advisory. - Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory...