FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.213 contained security vulnerabilities. These vulnerabilities stemmed from the Helper::stripDangerousTags function used in the...

Bludit 跨站脚本漏洞

Bludit is an open-source, lightweight blog content management system developed by Bludit. Previous versions of Bludit, such as 6732dde, had a cross-site scripting vulnerability. This vulnerability stemmed from the search plugin’s reflective cross-site scripting feature, which allowed...

nest 安全漏洞

Nest is a Node.js framework developed by NestJS, designed for building efficient, scalable, and enterprise-level server-side applications using TypeScript/JavaScript. Versions of Nest prior to 11.1.19 contained a security vulnerability. This vulnerability stemmed from the recursive invocation of...

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from incomplete XSS repairs in the ParsedownSafeWithLinks class, as well as the lack of coverage for...

Linux Distros Unpatched Vulnerability : CVE-2026-6754

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and...

Mozilla多款产品 安全漏洞

Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...

KLA90994 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. A...

KLA90995 Multiple vulnerabilities in Mozilla Thunderbird ESR

Multiple vulnerabilities were found in Mozilla Thunderbird ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. A...

PT-2026-33965

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 150 Thunderbird versions prior to 150 Description An issue exists in the JavaScript Engine component. Recommendations Update Firefox to version 150. Update Thunderbird to version 150...

PT-2026-33940

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 150 Firefox ESR versions prior to 115.35 Firefox ESR versions prior to 140.10 Thunderbird versions prior to 150 Thunderbird versions prior to 140.10 Description A use-after-free issue exists in the JavaScript Engine...

PT-2026-33943

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 150 Firefox ESR versions prior to 140.10 Thunderbird versions prior to 150 Thunderbird versions prior to 140.10 Description An invalid pointer exists in the JavaScript: WebAssembly component. Recommendations Update to...

CVE-2026-31018

In Dolibarr ERP & CRM = 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...

CVE-2026-31013

Dovestones Softwares ADPhonebook 4.0.1.1 has a reflected cross-site scripting XSS vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding, allowing execution of...

PT-2026-34007

Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting XSS vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock component and insufficient server-side inspection of block content, an attacker can inject a javascript: U...

PT-2026-33985

Dovestones Softwares ADPhonebook 4.0.1.1 has a reflected cross-site scripting XSS vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding, allowing execution of...

CVE-2026-31013

Dovestones Softwares ADPhonebook 4.0.1.1 has a reflected cross-site scripting XSS vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding, allowing execution of...

PT-2026-34175

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions 29.0 and earlier Description The YPTSocket plugin WebSocket server relays JSON message bodies to all connected clients without sanitizing the msg and callback fields. On the client side, the plugin/YPTSocket/script.js file...

PT-2026-34179

Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving a comment on a page, it is possible to include a JavaScript URI as the link. When a user clicks on the link the JavaScript executes. This vulnerability is fixed in 0.80.0...

PT-2026-34221

Craft CMS is a content management system CMS. In versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14, the resource-js endpoint in Craft CMS allows unauthenticated requests to proxy remote JavaScript resources. When trustedHosts is not explicitly restricted default...

PT-2026-33944

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 150 Thunderbird versions prior to 150 Description A use-after-free issue exists in the JavaScript: WebAssembly component. Use-after-free is a memory corruption flaw that occurs when an application continues to use a...