
58644 matches found

OSV
added 2026/04/22 10:52 a.m. | 4 views

OPENSUSE-SU-2026:20612-1 Security update for tomcat10

This update for tomcat10 fixes the following issues:
- Update to Tomcat 10.1.54
- CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850.
- CVE-2026-25854: Occasionally open redirect bsc1261851.
- CVE-2026-29129: TLS cipher order is not preserved bsc1261852.
- CVE-2026-29145: OC...

CVSS 9.1 | AI score 5.3 | EPSS 0.12919
Exploits: 6 | References: 20
SUSE CVE
added 2026/04/22 1:40 a.m. | 1 view

SUSE CVE-2026-6754

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

CVSS 7.5 | AI score 5.7 | EPSS 0.00069
Exploits: 0 | References: 13
SUSE CVE
added 2026/04/22 1:40 a.m. | 3 views

SUSE CVE-2026-6757

Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

CVSS 6.3 | AI score 5.7 | EPSS 0.00044
Exploits: 0 | References: 13
SUSE CVE
added 2026/04/22 1:40 a.m. | 4 views

SUSE CVE-2026-6758

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

CVSS 7.5 | AI score 5.7 | EPSS 0.00057
Exploits: 0 | References: 3
SUSE CVE
added 2026/04/22 1:39 a.m. | 4 views

SUSE CVE-2026-6779

Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

CVSS 5.3 | AI score 5.7 | EPSS 0.00104
Exploits: 0 | References: 3
RedhatCVE
added 2026/04/22 1:14 a.m. | 2 views

CVE-2026-6758

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript: WebAssembly component...

CVSS 7.5 | AI score 5.7 | EPSS 0.00057
Exploits: 0 | References: 5
RedhatCVE
added 2026/04/22 1:14 a.m. | 2 views

CVE-2026-6757

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Invalid pointer in the JavaScript: WebAssembly component...

CVSS 6.3 | AI score 5.7 | EPSS 0.00044
Exploits: 0 | References: 5
RedhatCVE
added 2026/04/22 1:14 a.m. | 5 views

CVE-2026-6779

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Other issue in the JavaScript Engine component...

CVSS 5.3 | AI score 5.7 | EPSS 0.00104
Exploits: 0 | References: 4
RedhatCVE
added 2026/04/22 1:14 a.m. | 2 views

CVE-2026-6754

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...

CVSS 7.5 | AI score 5.7 | EPSS 0.00069
Exploits: 0 | References: 5
NVD
added 2026/04/22 12:16 a.m. | 0 views

CVE-2026-41130

Craft CMS is a content management system (CMS). In versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14, the resource-js endpoint in Craft CMS allows unauthenticated requests to proxy remote JavaScript resources. When trustedHosts is not explicitly restricted default...

CVSS 7 | EPSS 0.00051
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/22 12:0 a.m. | 2 views

PT-2026-34299

Name of the Vulnerable Software and Affected Versions: Bread & Butter versions prior to 8.2.0.26
Description: Stored Cross-Site Scripting is possible via the 'breadbutter-customevent-button' shortcode. The customEventShortCodeButton function fails to apply proper input sanitization and output...

CVSS 6.4 | AI score 6 | EPSS 0.00014
Exploits: 0 | References: 9
Tenable Nessus
added 2026/04/22 12:0 a.m. | 3 views

GitLab 18.10 < 18.10.4 / 18.11 < 18.11.1 (CVE-2026-5816)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript...

CVSS 8.1 | AI score 6 | EPSS 0.00028
Exploits: 0 | References: 5
CNNVD
added 2026/04/22 12:0 a.m. | 6 views

GitLab Security Vulnerability

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD (Continuous Integration and Delivery). Vulnerabilities exist in versions of GitLab CE/EE before 18.10.4 and...

CVSS 8.1 | AI score 6.1 | EPSS 0.00028
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/22 12:0 a.m. | 1 view

PT-2026-34520

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 18.10 through 18.10.3; GitLab CE/EE versions 18.11 through 18.11.0
Description: An issue exists where improper path validation under certain conditions could allow an unauthenticated user to execute arbitrary JavaScript in ...

CVSS 8.1 | AI score 5.6 | EPSS 0.00028
Exploits: 0 | References: 6
Tenable Nessus
added 2026/04/22 12:0 a.m. | 3 views

SUSE SLES15 Security Update : nodejs22 (SUSE-SU-2026:1509-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1509-1 advisory. Update to version 22.22.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism...

CVSS 7.5 | AI score 6.8 | EPSS 0.00056
Exploits: 0 | References: 22
CNNVD
added 2026/04/22 12:0 a.m. | 4 views

Beghelli Sicuro24 SicuroWeb Security Vulnerability

Beghelli Sicuro24 SicuroWeb is a remote security monitoring and alarm management platform developed by the Italian company Beghelli. There are security vulnerabilities in Beghelli Sicuro24 SicuroWeb. These vulnerabilities stem from the failure to enforce content security policies. The platform...

CVSS 5.2 | AI score 5.9 | EPSS 0.00026
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/22 12:0 a.m. | 4 views

PT-2026-34541

Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loading of external JavaScript resources from attacker-controlled origins. When chained with the template injection and sandbox escape vulnerabilities present in the same application, the absence of CSP...

CVSS 5.2 | AI score 5.9 | EPSS 0.00026
Exploits: 0 | References: 8
Packet Storm News
added 2026/04/22 12:0 a.m. | 2 views

Joern 4.0.525

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and JavaScript...

AI score 5.8
Exploits: 0
Positive Technologies
added 2026/04/22 12:0 a.m. | 5 views

PT-2026-34613

Name of the Vulnerable Software and Affected Versions: Nuclei versions 3.0.0 through 3.7.9
Description: A flaw in the JavaScript protocol runtime's module loading system allows JavaScript templates to read local .js and .json files from the host filesystem. This occurs because the require function...

CVSS 5.5 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 11
Cvelist
added 2026/04/22 12:0 a.m. | 27 views

CVE-2026-30139

A reflected cross-site scripting (XSS) vulnerability in the AdvancedSearch functionality of Silverpeas Core before version 6.4.6 allows attackers to execute arbitrary JavaScript in the context of a user's browser via crafted input...

EPSS 0.00034
Exploits: 1 | References: 2