
19522 matches found

Positive Technologies
added 2026/05/19 12:0 a.m., 8 views

PT-2026-41923

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 151; Thunderbird versions prior to 151. Description: A mitigation bypass exists within the DOM security component...

CVSS 9.8, AI score 5.8, EPSS 0.00605
Exploits 0, References 39
Positive Technologies
added 2026/05/19 12:0 a.m., 10 views

PT-2026-41916

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 151; Firefox ESR versions prior to 140.11; Thunderbird versions prior to 151; Thunderbird versions prior to 140.11. Description: A mitigation bypass exists within the DOM security component. Recommendations: Update to versi...

CVSS 9.6, AI score 5.8, EPSS 0.00532
Exploits 0, References 140
Positive Technologies
added 2026/05/19 12:0 a.m., 15 views

PT-2026-41961

Name of the Vulnerable Software and Affected Versions: fabric-chaincode-java versions 2.3.1 through 2.5.9. Description: When chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in plaintext. An attacker...

CVSS 5.5, AI score 5.5, EPSS 0.00106
Exploits 0, References 5
Tenable Nessus
added 2026/05/19 12:0 a.m., 18 views

RHEL 9 : firefox (RHSA-2026:19201)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19201 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

CVSS 9.8, AI score 6, EPSS 0.04938
Exploits 1, References 52
Snyk
added 2026/05/18 9:0 p.m., 8 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

CVSS 9.8, AI score 5.9
Exploits 0, References 2
Snyk
added 2026/05/18 9:0 p.m., 11 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

CVSS 9.8, AI score 5.9
Exploits 0, References 3
RedhatCVE
added 2026/05/18 3:4 p.m., 14 views

CVE-2026-40020

A flaw was found in dovecot. A remote attacker can exploit the Internet Message Access Protocol (IMAP) SETACL command to inject "anyone" permissions into a user's dovecot-acl file, even when the imapaclallowanyone setting is disabled. This vulnerability allows an attacker to spam folders to all...

CVSS 6.5, AI score 5.7, EPSS 0.00271
Exploits 0, References 4
OSV
added 2026/05/18 7:47 a.m., 3 views

SUSE-SU-2026:1944-1 Security update for postgresql18

This update for postgresql18 fixes the following issues: Update to version 18.4. Security issues:
- CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172.
- CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173.
- CVE-2026-6474: Guard agains...

CVSS 8.8, AI score 6.1, EPSS 0.00471
Exploits 0, References 24
GithubExploit
added 2026/05/18 3:9 a.m., 68 views

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

apache-struts-cve-2017-56...

CVSS 10, AI score 5.8, EPSS 0.99999
Exploits 44
Positive Technologies
added 2026/05/18 12:0 a.m., 13 views

PT-2026-41691

Name of the Vulnerable Software and Affected Versions: mcp-security versions prior to 0.1.9. Description: The mcp-security framework fails to implement mandatory Server-Side Request Forgery (SSRF) mitigations—a flaw where an attacker can induce the server to make requests to an unintended location—as...

CVSS 7.2, AI score 5.8, EPSS 0.00198
Exploits 0, References 8
GithubExploit
added 2026/05/17 8:23 p.m., 73 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 Copy Fail — Análisis y desarrollo en Ensambla...

CVSS 7.8, AI score 7.2, EPSS 0.96775
Exploits 228
GithubExploit
added 2026/05/17 8:11 p.m., 70 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 Copy Fail — Análisis y desarrollo en Ensambla...

CVSS 7.8, AI score 7.2, EPSS 0.96775
Exploits 228
GithubExploit
added 2026/05/17 7:41 a.m., 64 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Security Lab "React2Shell" This repository c...

CVSS 10, AI score 6.1, EPSS 0.99562
Exploits 372
RedhatCVE
added 2026/05/15 7:58 p.m., 10 views

CVE-2026-24118

A flaw was found in vm2, an open-source sandbox for Node.js. This sandbox breakout vulnerability allows attackers to write malicious code that can escape the vm2 sandbox. Successful exploitation enables the execution of arbitrary commands on the host system, leading to critical system compromise...

CVSS 9.8, AI score 6.2, EPSS 0.00886
Exploits 1, References 7
RedhatCVE
added 2026/05/15 6:49 p.m., 8 views

CVE-2026-23479

A flaw was found in Redis. The unblock client flow does not handle an error return from the processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can cause a use-after-free issue. This potentially leads to...

CVSS 8.8, AI score 5.9, EPSS 0.00952
Exploits 4, References 5
RedHat Linux
added 2026/05/15 5:23 p.m., 21 views

kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...

CVSS 8.8, AI score 6.1, EPSS 0.93235
Exploits 31, References 6
RedhatCVE
added 2026/05/15 4:13 p.m., 10 views

CVE-2026-7258

A flaw was found in PHP. Some functions, including urldecode, incorrectly pass signed characters to character type ctype functions. On certain systems, this can lead to accessing memory with a negative offset. This vulnerability can be exploited by an attacker to trigger a denial of service (DoS),...

CVSS 7.5, AI score 5.6, EPSS 0.00337
Exploits 0, References 4
RedhatCVE
added 2026/05/15 3:33 p.m., 12 views

CVE-2026-41506

A flaw was found in go-git, an extensible Git implementation library for Go. This vulnerability allows an attacker to potentially obtain sensitive HTTP authentication credentials. This can occur when go-git follows redirects during smart-HTTP clone and fetch operations, leading to the unintended...

CVSS 7.4, AI score 5.7, EPSS 0.00259
Exploits 0, References 6
RedhatCVE
added 2026/05/15 2:23 p.m., 10 views

CVE-2025-61669

A flaw was found in Jupyter Server. The login flow's next query parameter is insufficiently validated, allowing redirects to arbitrary external domains. A remote attacker can exploit this vulnerability by crafting a malicious login URL, which could redirect users to a harmful website and facilita...

CVSS 6.3, AI score 5.8, EPSS 0.00265
Exploits 1, References 4
RedhatCVE
added 2026/05/15 2:12 p.m., 9 views

CVE-2026-6691

A flaw was found in the MongoDB C Driver's Cyrus SASL integration. This vulnerability, a heap buffer overflow, occurs due to unsafe string copying during username canonicalization. A remote attacker can exploit this by providing untrusted input in the username of a MongoDB URI with...

CVSS 8.6, AI score 6.4, EPSS 0.00126
Exploits 0, References 2