Linux Distros Unpatched Vulnerability : CVE-2026-0884

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

KLA90835 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. Denial of...

CasaOS Detection (HTTP)

HTTP based detection of CasaOS. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.156132";...

Google Chrome < 144.0.7559.59 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 144.0.7559.59. It is, therefore, affected by multiple vulnerabilities as referenced in the 202601stable-channel-update-for-desktop13 advisory. - Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a...

MiracleLinux 8 : firefox-140.6.0-1.el8_10.ML.1 (AXSA:2025-11551:37)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-11551:37 advisory. firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 CVE-2025-14333 firefox: Use-after-fr...

MiracleLinux 7 : gnome-shell-3.28.3-34.0.2.el7.AXS7 (AXSA:2025-9565:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-9565:01 advisory. CVE-2024-36472: fix portal helper from launching automatically based on network responses to prevent loading untrusted JavaScript code CVEs: CVE-2024-36472 I...

MiracleLinux 9 : firefox-128.14.0-2.el9_6.ML.1 (AXSA:2025-10784:29)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10784:29 advisory. firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component CVE-2025-9182 thunderbird: firefox: Sandbox escap...

PT-2026-2372

Name of the Vulnerable Software and Affected Versions Testa version 3.5.1 Description The software contains a reflected cross-site scripting issue in the login.php file. Specifically, the redirect parameter is susceptible to malicious script injection. An attacker can craft a specially encoded...

Mozilla Firefox和Mozilla Firefox ESR 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation, USA.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation, USA. A code execution vulnerability exists in Mozilla Firefox and Mozilla Firefox ESR due to a use-after-release in...

MiracleLinux 9 : firefox-140.3.0-1.el9_6.ML.1 (AXSA:2025-10915:32)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10915:32 advisory. firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component CVE-2025-10527 firefox: thunderbird: Incorrect...

PT-2026-2417

Name of the Vulnerable Software and Affected Versions Zippy CRM version 6.5.4 Description The software contains a reflected cross-site scripting issue that enables attackers to inject malicious scripts via unvalidated input parameters. Attackers can submit crafted payloads in manual insertion...

MiracleLinux 8 : thunderbird-128.14.0-3.el8_10.ML.1 (AXSA:2025-10810:21)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10810:21 advisory. firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component CVE-2025-9182 thunderbird: firefox: Sandbox escap...

Linux Distros Unpatched Vulnerability : CVE-2026-0885

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

CVE-2026-22804

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, Stored Cross-Site Scripting XSS vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. Thi...

CVE-2026-22813

OpenCode is an open source AI coding agent. The markdown renderer used for LLM responses will insert arbitrary HTML into the DOM. There is no sanitization with DOMPurify or even a CSP on the web interface to prevent JavaScript execution via HTML injection. This means controlling the LLM response...

CVE-2026-22804 Termix has a Stored XSS in File Manager leading to Local File Inclusion (LFI) in Electron and Session Hijacking in Browser

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, Stored Cross-Site Scripting XSS vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. Thi...

CVE-2025-46067

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file...

CVE-2025-46067

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file...

Directory Traversal

Overview MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library Affected versions of this package are vulnerable to Directory Traversal via the PUT handler in the file upload API, which directly joins user-supplied input into a filesystem path without proper...

SUSE-SU-2026:20031-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Changes in MozillaFirefox: Firefox Extended Support Release 140.6.0 ESR was released: Fixed: Various security fixes. MFSA 2025-94 bsc1254551: CVE-2025-14321: Use-after-free in the WebRTC: Signaling component CVE-2025-14322: Sandbox escape...