CVE-2026-48725

Warp exposes a vulnerability where terminal output can request access to the local clipboard via OSC 52. From build 0.2021.04.25.23.05.stable_00 up to 0.2026.05.06.15.42.stable_01, a malicious remote host or attacker-controlled terminal output source could trigger reads or writes to the user’s cl...

EUVD-2026-37098

Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

CVE-2026-12295

CVE-2026-12295 describes a sandbox escape in the DOM: Navigation component affecting Mozilla Firefox and Thunderbird. The vulnerability is fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. The entry lists a CVSS v3.1 base score of 9.6 (CRITICAL...

CVE-2026-12289

CVE-2026-12289 describes a privilege-escalation vulnerability in the Graphics: WebRender component. The public description and connected advisories indicate this affects Mozilla Firefox and Thunderbird products, with fixes shipped in: Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbi...

PT-2026-49682

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 152 Firefox ESR versions prior to 140.12 Thunderbird versions prior to 152 Thunderbird versions prior to 140.12 Description An information disclosure and sandbox escape issue exists within the Security: Process...

CVE-2026-50052

In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...

MINI-47HP-52X6-VXFJ

Bulletin has no description...

SUSE SLES15 Security Update : mozjs52 (SUSE-SU-2026:1742-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1742-1 advisory. This update for mozjs52 fixes the following issues - CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external paramete...

Security update for mozjs52

This update for mozjs52 fixes the following issues CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259728. CVE-2026-32777: libexpat: denial of service due to infinite loop in DTD content parsing bsc1259713...

MINI-52CM-6C68-JJW3

Bulletin has no description...

EUVD-2026-9382

Missing Authentication for Critical Function CWE-306 vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue broker. This cou...

CVE-2025-13375

IBM Common Cryptographic Architecture CCA 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system...

MiracleLinux 8 : postgresql:10 (AXSA:2022-3788:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3788:01 advisory. postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox CVE-2022-1552 Tenable has extracted the preceding description block...

SUSE SLES15 / openSUSE 15 Security Update : mozjs52 (SUSE-SU-2025:4512-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4512-1 advisory. - CVE-2024-45491: Fixed integer overflow in dtdCopy bsc1230037 - CVE-2024-50602: Fixed DoS via XMLResumeParser bsc1232599 -...

CVE-2025-68430 CVAT vulnerable to directory traversal via mounted share listing

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of...

CVE-2025-62593

Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense us...

Mozilla Firefox < 52.0

The version of Firefox installed on the remote Windows host is prior to 52.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-05 advisory. - Mozilla developers and community members Carsten Book, Calixte Denizet, Christian Holler, Andrew McCreight, David Bolte...

KLA90930 OSI vulnerability in Git for Windows

Information disclosure vulnerability was found in Git for Windows. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories Git for Windows 2.52.0 Exploitation Related products Git-for-Windows CVE list CVE-2025-66413 high Solution Update to the latest...

EUVD-2025-69722

Malicious code in iwan-serimuka52-ruro npm...

MAL-2025-47467 Malicious code in internallib_v52 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f4d4bce17702fd04e9d38d97007a2bc8b4028c77159bcd19e1565f71d7f4ada4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...