Astra Linux – Vulnerability in Firefox and Thunderbird

By using a link with rel="localization", a use-after-free could occur if an object is destroyed during JavaScript execution, and then the object is referenced through a freed pointer, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefo...

CVE-2026-50127

Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCSRESTRICTPRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions...

PT-2026-48524

Name of the Vulnerable Software and Affected Versions Weblate versions 5.15 through 2026.5 Description Weblate is a web-based localization tool. The VCS RESTRICT PRIVATE setting fails to properly account for certain semi-private IPv4 ranges, multicast addresses, and transitional IPv6 ranges,...

Malicious code in localization-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf143361939feffe7099c14acc7cf41a401681481e932e15d6054dde49e88f94 [email protected] is an empty shell package: index.js is module.exports = and package.json has no description or author. Its dependencies...

MAL-2026-5447 Malicious code in localization-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf143361939feffe7099c14acc7cf41a401681481e932e15d6054dde49e88f94 [email protected] is an empty shell package: index.js is module.exports = and package.json has no description or author. Its dependencies...

EUVD-2026-34923

The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access...

browserstack-tape-runner (>=1.0.0 <=3.0.0), duplo (>=1.6.11 <=1.9.1) +4 more potentially affected by CVE-2026-49143 via browserstack-runner (>=0.2.1 <=0.9.4)

browserstack-runner NPM version =0.2.1, =1.0.0, =1.6.11, =0.1.4, =0.1.1, =2.0.2 - run-browserstack-tests =1.0.2 - yasmf-localization =0.0.2 Source cves: CVE-2026-49143 Source advisory: OSV:GHSA-6VR3-7WCX-V5G5...

Patcher: Post-Hoc Patching of Backdoored Large Language Models

Large language models remain vulnerable to jailbreak backdoor attacks, where adversaries poison safety alignment data to embed hidden triggers that bypass safety mechanisms. Existing defenses often require comprehensive attack information or multiple triggered examples, making them impractical wh...

Updated nspr, nss and firefox(-l10n) packages fix security issues

The updated packages fix security vulnerabilities: Incorrect boundary conditions in the Audio/Video: Web Codecs component. CVE-2026-8946 Incorrect boundary conditions in the JavaScript Engine: JIT component. CVE-2026-8388 Use-after-free in the DOM: Bindings WebIDL component. CVE-2026-8947 Other...

Backdoor Attacks on Fault Detection and Localization in Cyber-Physical Systems

Cyber-Physical Systems CPS integrate sensing, communication, computation, and control to support critical infrastructure, including smart grids, industrial automation, and control systems. In the electrical utility domain, various controllers are used in CPS to ensure the system detects and...

TTPrint: Evidence-Grounded TTP Extraction Via Diverge-Then-Converge Verification

Extracting MITRE ATT&CK techniques from cyber threat intelligence CTI reports is an open-set, multi-label problem requiring both high recall not missing techniques and high precision not hallucinating unsupported ones. Existing methods--rule-based, supervised, and LLM-based--struggle to achieve...

FuzzingBrain V2: A Multi-Agent LLM System for Automated Vulnerability Discovery and Reproduction

Software vulnerabilities pose critical security threats, with nearly 50,000 CVEs reported in 2025. While Large Language Models LLMs show promise for automated vulnerability detection, three key challenges remain. First, LLM-generated vulnerability reports suffer from high false positive rates and...

DCVD: Dual-Channel Cross-Modal Fusion for Joint Vulnerability Detection and Localization

Software vulnerability detection plays a critical role in ensuring system security, where real-world auditing requires not only determining whether a function is vulnerable but also pinpointing the specific lines responsible. However, existing approaches either rely on a single information source...

CVE-2026-34091 User localization leaked by AbuseFilter + EventStream

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

CVE-2026-34091

CVE-2026-34091 affects Wikimedia Foundation MediaWiki prior to versions 1.43.7, 1.44.4 and 1.45.2, exposing sensitive information to unauthorized actors. The connected sources confirm an information disclosure issue in MediaWiki with those versions. Debian advisory DSA-6208-1 states fixes for Med...

CVE-2026-34091 User localization leaked by AbuseFilter + EventStream

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

CVE-2026-41886

locize is a localization platform that connects code and i18n setup. Prior to version 4.0.21, the locize client SDK registers a window.addEventListener"message", … handler that dispatches to registered internal handlers editKey, commitKey, commitKeys, isLocizeEnabled, requestInitialize, … without...

EUVD-2026-28796

locize is a localization platform that connects code and i18n setup. Prior to version 4.0.21, the locize client SDK registers a window.addEventListener"message", … handler that dispatches to registered internal handlers editKey, commitKey, commitKeys, isLocizeEnabled, requestInitialize, … without...

CVE-2026-44263

Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1...

Weblate 安全漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17.1 contained a security vulnerability, which was exploited by screenshots, tasks, and component link APIs, allowing enumeration of translations in items that users...