CVE-2026-45102
OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js vm module as an isolation primitive. This API was not designed for that and can be escaped via error objects and infinite recursion. This vulnerability is fixed in 10.0.98...
PT-2026-44077
Name of the Vulnerable Software and Affected Versions: OneUptime versions prior to 10.0.98. Description: OneUptime is an open-source monitoring and observability platform. The software uses the Node.js vm module as an isolation primitive. Because this API was not designed for isolation, it can be...
CVE-2026-0393 CODESYS Visualization - Insufficiently Protected Credentials
The affected product may expose credentials remotely between low-privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...
USN-7874-2: Linux kernel (FIPS) vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...
Ubuntu: Security Advisory (USN-7862-3)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
EUVD-2021-18103
Malware in sbrugna...
EUVD-2022-15461
Malicious code in bioql PyPI...
EUVD-2021-33992
Malicious code in bioql PyPI...
EUVD-2024-15936
Malicious code in bioql PyPI...
EUVD-2025-12730
Malicious code in bioql PyPI...
EUVD-2024-15935
Malicious code in bioql PyPI...
EUVD-2024-28309
Malicious code in bioql PyPI...
EUVD-2024-54503
Malicious code in bioql PyPI...
EUVD-2024-15934
Malicious code in bioql PyPI...
CVE-2025-46416
The Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can elevate their privileges to the build user account (e.g., nixbld or guixbuild). This affects Nix through 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix through 2.91.2, 2.92.2, and 2.93.1; and Guix before...
Mageia: Security Advisory (MGASA-2025-0150)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
Updated firefox packages fix security vulnerabilities
A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape, CVE-2025-4083. A vulnerability was identified in Firefox...
CVE-2025-4083
CVE-2025-4083 is a process isolation vulnerability in Thunderbird/Firefox caused by improper handling of javascript: URIs, which can let content execute in the top-level process instead of the intended frame, potentially enabling a sandbox escape. Affected: Firefox < 138, Firefox ESR < 128....
CVE-2025-4083
A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability was fixed in Firefox 138, Firefox...
CVE-2025-4083 Process isolation bypass using "javascript:" URI links in cross-origin frames
A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability was fixed in Firefox 138, Firefox...