
59088 matches found

Positive Technologies
added 2026/01/01 12:0 a.m., 6 views

PT-2026-21696

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 148; Firefox ESR versions prior to 115.33; Firefox ESR versions prior to 140.8; Thunderbird versions prior to 148; Thunderbird versions prior to 140.8.
Description: A use-after-free issue exists in the JavaScript Engine...

10 CVSS | 5.5 AI score | 0.00757 EPSS
Exploits 2 | References 263

Positive Technologies
added 2026/01/01 12:0 a.m., 5 views

PT-2026-21718

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 148; Firefox ESR versions prior to 140.8; Thunderbird versions prior to 148; Thunderbird versions prior to 140.8.
Description: The JavaScript Engine component contains an invalid pointer issue.
Recommendations: Update Firef...

10 CVSS | 5.1 AI score | 0.00622 EPSS
Exploits 0 | References 218

Positive Technologies
added 2026/01/01 12:0 a.m., 4 views

PT-2026-21699

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 148; Firefox ESR versions prior to 140.8; Thunderbird versions prior to 148; Thunderbird versions prior to 140.8.
Description: A use-after-free issue exists in the JavaScript Engine’s JIT component. This can potentially...

10 CVSS | 5.1 AI score | 0.00757 EPSS
Exploits 2 | References 262

Positive Technologies
added 2026/01/01 12:0 a.m., 4 views

PT-2026-21700

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 148; Firefox ESR versions prior to 140.8; Thunderbird versions prior to 148; Thunderbird versions prior to 140.8.
Description: A use-after-free issue exists in the JavaScript: WebAssembly component. This can potentially le...

10 CVSS | 5.1 AI score | 0.00757 EPSS
Exploits 2 | References 262

Positive Technologies
added 2026/01/01 12:0 a.m., 4 views

PT-2026-28095

Name of the Vulnerable Software and Affected Versions: V8 versions 20.x through 25.x.
Description: A flaw exists in V8's string hashing mechanism where integer-like strings are hashed to their numeric value, leading to predictable hash collisions. An attacker can exploit this by crafting requests th...

5.9 CVSS | 6.6 AI score | 0.00283 EPSS
Exploits 0 | References 154

Positive Technologies
added 2026/01/01 12:0 a.m., 5 views

PT-2026-27400

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 149; Firefox ESR versions prior to 140.9; Thunderbird versions prior to 149; Thunderbird versions prior to 140.9.
Description: A use-after-free issue exists in the JavaScript Engine component. This condition occurs when...

10 CVSS | 6 AI score | 0.01279 EPSS
Exploits 1 | References 236

Positive Technologies
added 2026/01/01 12:0 a.m., 5 views

PT-2026-26528

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 146.0.7680.153.
Description: A type confusion issue exists in the V8 component of Google Chrome. This could allow a remote attacker to exploit heap corruption through a specially crafted HTML page. The Chromium...

8.8 CVSS | 6.1 AI score | 0.00415 EPSS
Exploits 1 | References 40

Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-26521

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 146.0.7680.153.
Description: An out-of-bounds write issue exists in the V8 JavaScript engine within Google Chrome. This flaw could allow a remote attacker to exploit heap corruption through a specially crafted HTM...

8.8 CVSS | 6.1 AI score | 0.00415 EPSS
Exploits 1 | References 39

Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-21691

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 148; Firefox ESR versions prior to 115.33; Firefox ESR versions prior to 140.8; Thunderbird versions prior to 148; Thunderbird versions prior to 140.8.
Description: A use-after-free issue exists in the JavaScript: GC...

10 CVSS | 5.1 AI score | 0.00622 EPSS
Exploits 0 | References 219

Positive Technologies
added 2026/01/01 12:0 a.m., 2 views

PT-2026-21695

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 148; Firefox ESR versions prior to 140.8; Thunderbird versions prior to 148; Thunderbird versions prior to 140.8.
Description: An integer overflow exists in the JavaScript: Standard Library component. This issue may allow...

10 CVSS | 5.2 AI score | 0.00757 EPSS
Exploits 2 | References 262

Positive Technologies
added 2026/01/01 12:0 a.m., 4 views

PT-2026-21697

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 148; Firefox ESR versions prior to 115.33; Firefox ESR versions prior to 140.8; Thunderbird versions prior to 148; Thunderbird versions prior to 140.8.
Description: The software contains a flaw related to JIT miscompilation...

10 CVSS | 5.2 AI score | 0.00757 EPSS
Exploits 2 | References 264

Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-20520

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 145.0.7632.109.
Description: An integer overflow in the V8 JavaScript engine within Google Chrome could lead to heap corruption. This issue could be triggered by a remote attacker using a specially crafted HTML...

8.8 CVSS | 5.5 AI score | 0.00642 EPSS
Exploits 0 | References 25

Positive Technologies
added 2026/01/01 12:0 a.m., 7 views

PT-2026-20325

Name of the Vulnerable Software and Affected Versions: Rack versions prior to 2.2.22; Rack versions prior to 3.1.20; Rack versions prior to 3.2.5.
Description: Rack’s Rack::Directory component generates HTML directory indexes with clickable links for each file entry. If a file exists with a basename...

10 CVSS | 5.2 AI score | 0.35376 EPSS
Exploits 9 | References 120

RedhatCVE
added 2025/12/31 8:0 p.m., 6 views

CVE-2025-69210

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.7, a stored cross-site scripting (XSS) vulnerability exists in the product file upload functionality. Authenticated users can upload crafted XML files containing executable JavaScript. These...

5.1 CVSS | 6.2 AI score | 0.00981 EPSS
Exploits 2 | References 1

GithubExploit
added 2025/12/31 8:42 a.m., 196 views

ASLR-bypass-simulation

ASLR Bypass Simulator An interactive educational web applicat...

7.2 AI score
Exploits 0

RedhatCVE
added 2025/12/31 8:10 a.m., 4 views

CVE-2025-15355

ISOinsight developed by NetVision Information has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...

6.1 CVSS | 7.1 AI score | 0.00205 EPSS
Exploits 0 | References 1

Patchstack
added 2025/12/31 12:0 a.m., 7 views

WordPress NextGEN Gallery plugin <= 3.59.11 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability

Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin NextGEN Gallery versions <= 3.59.11...

6.4 CVSS | 5.9 AI score | 0.00225 EPSS
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2025/12/31 12:0 a.m., 6 views

WordPress JS Archive List plugin <= 6.1.5 - Unauthenticated SQL Injection via build_sql_where Function vulnerability

Unauthenticated SQL Injection via build_sql_where Function vulnerability discovered by mikemyers in WordPress Plugin JS Archive List versions <= 6.1.5...

7.5 CVSS | 6 AI score | 0.00465 EPSS
Exploits 0 | References 1 | Affected Software 1

IBM Security Bulletins
added 2025/12/30 5:56 p.m., 8 views

Security Bulletin: IBM Storage Ceph is vulnerable to Cross-site Scripting in npm-serialize-javascript (CVE-2024-11831)

Summary: npm-serialize-javascript is used by IBM Storage Ceph in assorted components. CVE-2024-11831
Vulnerability Details: CVEID: CVE-2024-11831
DESCRIPTION: A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize...

5.4 CVSS | 5.9 AI score | 0.01006 EPSS
Exploits 0 | Affected Software 1

Cvelist
added 2025/12/30 7:33 a.m., 20 views

CVE-2025-15355 NetVision Information|ISOinsight - Reflected Cross-site Scripting

ISOinsight developed by NetVision Information has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...

6.1 CVSS | 0.00205 EPSS
Exploits 0 | References 2