RHEL 8 : thunderbird (RHSA-2026:13537)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:13537 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the...
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
CopyFail Guard text...
AlmaLinux 10 : thunderbird (ALSA-2026:12285)
The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:12285 advisory. firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScri...
RHEL 10 : thunderbird (RHSA-2026:12285)
The remote Red Hat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:12285 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the...
CVE-2026-31781
In the Linux kernel, the following vulnerability has been resolved: drm/ioc32: stop speculation on the drm_compat_ioctl path The drm compat ioctl path takes a user controlled pointer, and then dereferences it into a table of function pointers, the signature method of spectre problems. Fix this up b...
CVE-2026-31781
CVE-2026-31781 concerns the Linux kernel drm/ioc32 compat ioctl path, where a user-controlled pointer was used to index a table of function pointers (spectre-like pattern). The issue is mitigated by applying array_index_nospec on the index to the function-pointer list, as described in the fix. Co...
CVE-2026-31780
In CVE-2026-31780, the Linux kernel wilc1000 Wi‑Fi driver is affected by a heap buffer overflow in the SSID scan path. The code accumulates total SSID lengths into a variable declared as u8, allowing up to 330 bytes for 10 SSIDs, but the u8 wrap causes a 75-byte kmalloc allocation followed by a...
CVE-2026-31709
In the Linux kernel SMB client (cifsacl), CVE-2026-31709 arises from insufficient validation of a server-provided DACL when rewriting security descriptors. The fix extends structural validation to ensure the DACL header, size, and per-ACE bounds are checked before any rewrite paths (replace_sids_...
CVE-2026-7581
The CVE describes a vulnerability in alexta69 MeTube up to 2026.04.09, affecting the CORS Policy implementation (function on_prepare in app/main.py). The issue results in a permissive cross-domain policy that can interact with untrusted domains and is exploitable remotely. A public exploit is ind...
Exploit for CVE-2026-31431
Copy-Fail---CVE-2026-31431 CVE-2026-31431 "Copy Fail" - Analys...
Exploit for CVE-2026-31431
CVE-2026-31431 Mitigation for Deckhouse Kubernetes Platform...
Exploit for CVE-2026-31431
CVE-2026-31431 "Copy Fail" — Ansible Mitigation Recipe !C...
Exploit for CVE-2026-31431
CVE-2026-31431 / GHSA-2274-3hgr-wxv6 — algif_aead Remediator...
Exploit for CVE-2026-31431
copy-fail-fix Per-distro mitigation scripts for CVE-2026-314...
PT-2026-36292
Name of the Vulnerable Software and Affected Versions SourceCodester Advanced School Management System version 1.0 Description A SQL injection flaw exists in the 'checkEmail' endpoint within the commonController.php file. This issue allows remote attackers to manipulate database queries through a...
Exploit for CVE-2026-31431
copyfailautopatch Detect and optionally mitigate CVE-2026...
USN-8226-1: kmod update
It was discovered that the Linux kernel algif_aead module contained a logic flaw allowing a local attacker to escalate privileges to root. This update to the kmod package disables loading the algif_aead module as a measure to mitigate the issue until kernel updates are made available. See the...
Exploit for CVE-2026-31431
CVE-2026-31431 - Verification and Mitigation Script This repos...
Exploit for CVE-2026-31431
Copy-Fail-CVE-2026-31431 A proof-of-concept exploit reprodu...
CVE-2026-7500
When Keycloak is started with --features-disabled=account,account-api, the Account REST API is only partially disabled. Five endpoints under the versioned path /account/v1alpha1 remain fully functional — including both read and write operations — because they lack the checkAccountApiEnabled gate...