1781 matches found
USN-8079-1: less vulnerability
It was discovered that less incorrectly handled certain file names. An attacker could possibly use this issue to cause a denial of service or execute arbitrary commands...
UBUNTU-CVE-2026-2807
Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148 and Thunderbird 148...
CVE-2026-2777
CVE-2026-2777 is a privilege-escalation vulnerability in the Firefox/Thunderbird Messaging System component. The issue is fixed in Firefox 148, Firefox ESR 115.33/140.8, Thunderbird 148, and Thunderbird 140.8. Connected sources (Astra Linux, AWS advisories, Debian security notes) confirm the same...
CVE-2026-2765 Use-after-free in the JavaScript Engine component
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
CVE-2026-25506 affecting package munge for versions less than 0.5.18-1
CVE-2026-25506 affecting package munge for versions less than 0.5.18-1. An upgraded version of the package is available that resolves this issue...
PT-2026-21090
Name of the Vulnerable Software and Affected Versions: ModelTheme Addons for WPBakery and Elementor versions prior to 1.5.6. Description: A flaw exists in ModelTheme Addons for WPBakery and Elementor that allows for Object Injection due to deserialization of untrusted data. This issue impacts the...
CVE-2026-26157 affecting package busybox for versions less than 1.35.0-17
CVE-2026-26157 affecting package busybox for versions less than 1.35.0-17. A patched version of the package is available...
CVE-2026-2655
A vulnerability was detected in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::str_less::operator of the file include/chaiscript/chaiscript_defines.hpp. The manipulation results in use after free. The attack requires a local approach. The attack requires a high level of...
Use After Free
Overview: Affected versions of this package are vulnerable to Use After Free via the operator in the chaiscript::str_less function of the chaiscript_defines.hpp file. An attacker can cause a program crash or unexpected behavior by triggering use of memory after it has been freed through complex loca...
PT-2026-20416
A vulnerability was detected in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::str_less::operator of the file include/chaiscript/chaiscript_defines.hpp. The manipulation results in use after free. The attack requires a local approach. The attack requires a high level of...
CVE-2026-1642 affecting package nginx for versions less than 1.28.2-1
CVE-2026-1642 affecting package nginx for versions less than 1.28.2-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-24312
An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to execute unauthorized, high-privilege actions. This has a high impact on data...
WordPress Keap Official Opt-in Forms plugin < 1.0.12 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by MINGYOUNG BAN in WordPress Plugin Keap Official Opt-in Forms versions < 1.0.12...
firefox: thunderbird: Use-after-free in the JavaScript: GC component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript: GC component...
WordPress Tutor LMS plugin <= 3.9.5 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Course Modification and Deletion vulnerability
Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Course Modification and Deletion vulnerability discovered by WordFence in WordPress Plugin Tutor LMS versions <= 3.9.5...
firefox: thunderbird: Clickjacking issue, information disclosure in the PDF Viewer component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Clickjacking issue, information disclosure in the PDF Viewer component...
AZL-75470 CVE-2026-24809 affecting package ntopng for versions less than 5.2.1-4
An issue from the component luaG_runerror in dependencies/lua/src/ldebug.c in praydog/REFramework version before 1.5.5 leads to a heap-buffer overflow when a recursive error occurs...
CVE-2025-69186 WordPress Hospital Doctor Directory plugin <= 1.3.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9...
Improper Access Control
github.com/kyverno/kyverno is vulnerable to Improper Access Control. The vulnerability is due to incorrect handling of multiple policy exceptions in enforce mode, which allows an attacker to bypass enforced policies by leveraging a less restrictive exception even when a more restrictive exception...