59088 matches found

Tenable Nessus
added 2026/01/05 12:0 a.m., 1 views

RHEL 9 : thunderbird (RHSA-2026:0004)

The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0004 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Memory safety bugs fixed in Firefox ESR 140.6,...

9.8 CVSS, 8.4 AI score, 0.00498 EPSS
Exploits: 2, References: 22

Tenable Nessus
added 2026/01/05 12:0 a.m., 3 views

RHEL 8 : firefox (RHSA-2026:0015)

The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0015 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

9.8 CVSS, 8.3 AI score, 0.00498 EPSS
Exploits: 2, References: 22

Tenable Nessus
added 2026/01/05 12:0 a.m., 1 views

RHEL 9 : firefox (RHSA-2026:0016)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0016 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

9.8 CVSS, 8.4 AI score, 0.00498 EPSS
Exploits: 2, References: 22

Tenable Nessus
added 2026/01/05 12:0 a.m., 3 views

RHEL 8 : thunderbird (RHSA-2026:0021)

The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0021 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Memory safety bugs fixed in Firefox ESR 140.6,...

9.8 CVSS, 8.4 AI score, 0.00498 EPSS
Exploits: 2, References: 22

CNNVD
added 2026/01/05 12:0 a.m., 4 views

Vega cross-site scripting vulnerability

Vega is a JavaScript-based software from the Vega team that can be used to create interactive visual displays. The software can describe data visualizations using JSON format and generate interactive views using HTML5 Canvas or SVG. A cross-site scripting vulnerability exists in Vega versions prio...

9.3 CVSS, 6.3 AI score, 0.00452 EPSS
Exploits: 1, References: 1

Positive Technologies
added 2026/01/05 12:0 a.m., 5 views

PT-2026-1339

Name of the Vulnerable Software and Affected Versions: Vega versions prior to 6.1.2; Vega versions prior to 5.6.3. Description: Vega is a visualization grammar used for creating and sharing interactive visualization designs. Applications using Vega prior to versions 6.1.2 and 5.6.3 are susceptible to...

8.1 CVSS, 6.2 AI score, 0.00452 EPSS
Exploits: 1, References: 4

Amazon
added 2026/01/05 12:0 a.m., 6 views

Important: firefox

Issue Overview: Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox 146 and Firefox ESR 140.6. CVE-2025-14321 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox 146, Firefox ESR 115.31, a...

9.8 CVSS, 7.5 AI score, 0.00498 EPSS
Exploits: 4

OSV
added 2026/01/05 12:0 a.m., 8 views

ALSA-2026:0025 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 CVE-2025-14333 firefox: Use-after-free in the WebRTC: Signaling component CVE-2025-14321 firefox: JIT...

9.8 CVSS, 7.5 AI score, 0.00498 EPSS
Exploits: 2, References: 22

GithubExploit
added 2026/01/03 4:53 a.m., 140 views

v8-exploit

No d...

7 AI score
Exploits: 0

GithubExploit
added 2026/01/03 12:49 a.m., 255 views

Exploit for Use After Free in Apple Safari

CVE-2025-43529: JavaScriptCore DFG ObjectAllocationSinkingPhas...

8.8 CVSS, 6.6 AI score, 0.08439 EPSS
Exploits: 8

Positive Technologies
added 2026/01/02 12:0 a.m., 6 views

PT-2026-1133

Name of the Vulnerable Software and Affected Versions: listmonk versions prior to 6.0.0. Description: listmonk is a self-hosted newsletter and mailing list manager. A user with campaign management permissions, but lower privileges, can inject malicious JavaScript into campaigns or templates. When a...

6.4 CVSS, 6.5 AI score, 0.00198 EPSS
Exploits: 1, References: 6

Positive Technologies
added 2026/01/02 12:0 a.m., 6 views

PT-2026-1131

Name of the Vulnerable Software and Affected Versions: Bagisto versions prior to 2.3.10. Description: Bagisto, an open source Laravel eCommerce platform, contains a stored Cross-Site Scripting (XSS) issue within the CMS page editor. The platform’s attempt to sanitize tags can be bypassed by manipulati...

8.4 CVSS, 6 AI score, 0.00489 EPSS
Exploits: 1, References: 5

Cvelist
added 2026/01/01 6:8 p.m., 19 views

CVE-2025-68272 Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding

Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint /signalk/v1/access/requests. This causes a...

7.5 CVSS, 0.00519 EPSS
Exploits: 1, References: 2

OSV
added 2026/01/01 11:37 a.m., 6 views

BIT-GITEA-2025-68946

In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS...

5.4 CVSS, 6.8 AI score, 0.00222 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-20520

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 145.0.7632.109. Description: An integer overflow in the V8 JavaScript engine within Google Chrome could lead to heap corruption. This issue could be triggered by a remote attacker using a specially crafted HTML...

8.8 CVSS, 5.5 AI score, 0.00642 EPSS
Exploits: 0, References: 25

Positive Technologies
added 2026/01/01 12:0 a.m., 5 views

PT-2026-26528

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 146.0.7680.153. Description: A type confusion issue exists in the V8 component of Google Chrome. This could allow a remote attacker to exploit heap corruption through a specially crafted HTML page. The Chromium...

8.8 CVSS, 6.1 AI score, 0.00415 EPSS
Exploits: 1, References: 40

Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-26521

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 146.0.7680.153. Description: An out-of-bounds write issue exists in the V8 JavaScript engine within Google Chrome. This flaw could allow a remote attacker to exploit heap corruption through a specially crafted HTM...

8.8 CVSS, 6.1 AI score, 0.00415 EPSS
Exploits: 1, References: 39

Positive Technologies
added 2026/01/01 12:0 a.m., 2 views

PT-2026-27397

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 149; Firefox ESR versions prior to 115.34 and 140.9; Thunderbird versions prior to 149 and 140.9. Description: A flaw exists in the JavaScript Engine's JIT component, specifically a JIT miscompilation issue. This can le...

9.8 CVSS, 6.4 AI score, 0.00603 EPSS
Exploits: 0, References: 266

Positive Technologies
added 2026/01/01 12:0 a.m., 4 views

PT-2026-28095

Name of the Vulnerable Software and Affected Versions: V8 versions 20.x through 25.x. Description: A flaw exists in V8's string hashing mechanism where integer-like strings are hashed to their numeric value, leading to predictable hash collisions. An attacker can exploit this by crafting requests th...

5.9 CVSS, 6.6 AI score, 0.00283 EPSS
Exploits: 0, References: 154

Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-21719

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 148; Firefox ESR versions prior to 140.8; Thunderbird versions prior to 148; Thunderbird versions prior to 140.8. Description: A use-after-free issue exists in the JavaScript Engine component. This condition occurs when...

9.8 CVSS, 5.5 AI score, 0.00314 EPSS
Exploits: 0, References: 269