2112 matches found
AlmaLinux 9 : firefox (ALSA-2026:27734)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:27734 advisory. firefox: thunderbird: Sandbox escape in the DOM: Workers component CVE-2026-12294 firefox: thunderbird: Information disclosure, sandbox escape in the...
RockyLinux 10 : firefox (RLSA-2026:27733)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:27733 advisory. firefox: thunderbird: Sandbox escape in the DOM: Workers component CVE-2026-12294 firefox: thunderbird: Information disclosure, sandbox escape in the...
AlmaLinux 10 : firefox (ALSA-2026:27733)
The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:27733 advisory. firefox: thunderbird: Sandbox escape in the DOM: Workers component CVE-2026-12294 firefox: thunderbird: Information disclosure, sandbox escape in the...
CVE-2025-71370
picklescan before 0.0.28 fails to detect malicious torch.jit.unsupportedtensorops.execWrapper function calls embedded in pickle files. Attackers can craft malicious pickle files that bypass picklescan detection and execute arbitrary code when loaded via pickle.load...
EUVD-2025-210307
picklescan before 0.0.28 fails to detect malicious torch.jit.unsupportedtensorops.execWrapper function calls embedded in pickle files. Attackers can craft malicious pickle files that bypass picklescan detection and execute arbitrary code when loaded via pickle.load...
CVE-2025-71370 picklescan - Remote Code Execution via torch.jit.unsupported_tensor_ops.execWrapper
picklescan before 0.0.28 fails to detect malicious torch.jit.unsupportedtensorops.execWrapper function calls embedded in pickle files. Attackers can craft malicious pickle files that bypass picklescan detection and execute arbitrary code when loaded via pickle.load...
CVE-2026-54232
vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom index flashinfer.ai/whl/ using --extra-index-url, but the...
CVE-2026-54232 vLLM: Dependency Confusion Vulnerability in vLLM Dockerfile
vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom index flashinfer.ai/whl/ using --extra-index-url, but the...
CVE-2026-54232
vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom index flashinfer.ai/whl/ using --extra-index-url, but the...
CVE-2026-54232
vLLM prior to 0.22.1 is affected by a dependency confusion flaw in its Dockerfile. The vulnerability arises from installing flashinfer-jit-cache from a private index (flashinfer.ai/whl/) via --extra-index-url while the package name was not registered on PyPI and UV_INDEX_STRATEGY is set to unsafe...
firefox: thunderbird: JIT miscompilation in the DOM: Core & HTML component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the DOM: Core & HTML component...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Sandbox escape in the DOM: Workers component CVE-2026-12294 firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process...
PT-2026-51418
Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.22.1 Description vLLM is an inference and serving engine for large language models. The Dockerfile is susceptible to a dependency confusion attack involving the flashinfer-jit-cache package. This occurs because the...
ALSA-2026:27734 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Sandbox escape in the DOM: Workers component CVE-2026-12294 firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process...
ALSA-2026:27733 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Sandbox escape in the DOM: Workers component CVE-2026-12294 firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process...
RHEL 10 : firefox (RHSA-2026:27733)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:27733 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
MGASA-2026-0225 Updated luajit packages fix security vulnerabilities
In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and options are mishandled. CVE-2019-19391 LuaJIT through 2.1.0-beta3 h...
firefox: thunderbird: Incorrect boundary conditions in the JavaScript Engine: JIT component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the JavaScript Engine: JIT component...
firefox: thunderbird: Incorrect boundary conditions in the JavaScript Engine: JIT component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the JavaScript Engine: JIT component...
firefox: thunderbird: Incorrect boundary conditions in the JavaScript Engine: JIT component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the JavaScript Engine: JIT component...