SUSE CVE-2026-2786

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

SUSE CVE-2026-2795

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

SUSE CVE-2026-2796

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

SUSE CVE-2026-2797

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

SUSE CVE-2026-2801

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

SUSE CVE-2026-2802

Race condition in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

SUSE CVE-2026-2804

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

Budibase 安全漏洞

Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.30.4 contained security vulnerabilities. These vulnerabilities stemmed from an insecure eval...

PT-2026-21923

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.30.4 Description Budibase, a low-code platform for creating internal tools, workflows, and admin panels, contains an unsafe eval vulnerability in its view filtering implementation. This issue affects Budibase Cloud...

PT-2026-22030

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.10.1 n8n versions prior to 2.9.3 n8n versions prior to 1.123.22 Description n8n is an open source workflow automation platform. A flaw exists in the JavaScript Task Runner sandbox, potentially allowing an authenticated...

PT-2026-21922

Name of the Vulnerable Software and Affected Versions LiveCode versions prior to commit e151c64c2bd80d2d53ac1333f1df9429fe6a1a11 Description LiveCode is an open-source, client-side code playground. The i18n-update-pull GitHub Actions workflow is susceptible to JavaScript injection prior to commit...

Linux Distros Unpatched Vulnerability : CVE-2026-2786

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

Linux Distros Unpatched Vulnerability : CVE-2026-2764

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8,...

Linux Distros Unpatched Vulnerability : CVE-2026-2758

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and...

RHEL 10 : firefox (RHSA-2026:3361)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3361 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libvpx: Hea...

PT-2026-21841

Name of the Vulnerable Software and Affected Versions Bugsink versions prior to 2.0.13 Description Bugsink is a self-hosted error tracking tool affected by a stored cross-site scripting XSS issue. An unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScrip...

PT-2026-22032

Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.0.0 Description Vikunja, a self-hosted task management platform, does not sanitize SVG files uploaded as task attachments. This allows for the inclusion of JavaScript code within the SVG file, which executes when th...

PT-2026-22084

Name of the Vulnerable Software and Affected Versions Drupal Tagify versions prior to 1.2.49 Description The Tagify module for Drupal does not properly sanitize user-provided input before using it in JavaScript templates within the Tagify widget. This allows for the execution of arbitrary...

LiveCode 代码注入漏洞

LiveCode is a multi-platform programming tool developed by the LiveCode team. It can run on iOS, Android, OS X, Windows 95 through Windows 10, Raspberry Pi, and various Unix variants including Linux, Solaris, and BSD. LiveCode has a code injection vulnerability. This vulnerability stems from the...

📄 PDF Object Injection Generator

PDF object injection is a vulnerability in applications that dynamically generate PDFs from user input without proper validation or escaping. This proof of concept generates a malicious pdf for testing software such as jsPDF...