IBM Cognos Analytics和IBM Cognos Transformer 跨站脚本漏洞

IBM Cognos Analytics and IBM Cognos Transformer are products of American International Business Machines IBM. IBM Cognos Analytics is a business intelligence software suite. This software includes reports, dashboards, and scorecards, and can assist businesses in adjusting their decisions by...

opentelemetry-js 安全漏洞

opentelemetry-js is an open-source framework from OpenTelemetry - CNCF, designed for collecting traces, metrics, and logs from applications. Versions of opentelemetry-js prior to 0.217.0 contained a security vulnerability. This vulnerability stemmed from improper error handling in the URL parsing...

ALSA-2026:21380 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefo...

RHEL 8 : firefox (RHSA-2026:21382)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:21382 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefo...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a security vulnerability, which stemmed from type confusion in the V8 engine. This vulnerability could allow attackers to execute arbitrary code within a sandbox by convincing users...

auth0.js 安全漏洞

auth0.js is a client JavaScript toolkit developed by Auth0, open source, for the Auth0 API Application Programming Interface. Versions of auth0.js from 8.11.0 to 9.32.0 contain security vulnerabilities. These vulnerabilities arise because, under certain conditions, the Auth0.js SDK may incorrectl...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a buffer overflow vulnerability, which was caused by out-of-bound writes to memory by the V8 engine. This vulnerability could allow remote attackers to execute arbitrary code within...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a buffer overflow vulnerability, which was caused by out-of-bounds writes in the V8 engine. This vulnerability could allow remote attackers to execute arbitrary code within a sandbo...

Budibase 安全漏洞

Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.1 contained security vulnerabilities. These vulnerabilities stemmed from the V1 vi...

RHEL 9 : thunderbird (RHSA-2026:21381)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:21381 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefox: Sandbox escape in the Profile Backup component...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a security vulnerability caused by V8 integer overflow. This vulnerability could allow remote attackers to execute arbitrary code within a sandbox through a specially crafted HTML...

PT-2026-44605

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An out of bounds write exists in V8, the open-source JavaScript and WebAssembly engine. This issue allows a remote attacker to execute arbitrary code within a sandbox by inducing the...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefo...

ALSA-2026:21378 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefo...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the list field process. An attacker can execute arbitrary JavaScript code in the browsers of site visitors and logged-in users by injecting malicious HTML content into the list field, which is then rendered ...

EUVD-2025-209946

SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege...

CVE-2026-44903

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

CVE-2026-44903 Prometheus: Stored XSS via crafted histogram bucket label values in the heatmap display of the old Prometheus web UI

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...