firefox: thunderbird: Use-after-free in the DOM: Bindings (WebIDL) component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the DOM: Bindings WebIDL component...

EUVD-2026-37107

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVE-2026-12316 Mitigation bypass in the DOM: Security component

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

EUVD-2026-37106

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

PT-2026-49685

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 152 Thunderbird versions prior to 152 Description A mitigation bypass exists within the DOM security component...

PT-2026-49692

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 152 Thunderbird versions prior to 152 Description A spoofing issue exists within the DOM: Core & HTML component...

PT-2026-49668

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 152 Firefox ESR versions prior to 140.12 Firefox ESR versions prior to 115.37 Thunderbird versions prior to 152 Thunderbird versions prior to 140.12 Description JIT miscompilation occurs in the DOM: Core & HTML...

PT-2026-49776

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.26 Description An issue exists in hostname validation where trailing-dot notation in model or workspace-derived URLs can be used to bypass blocklist comparisons. This occurs because hostname checks treat hosts...

MINI-CGMC-V394-687H

Bulletin has no description...

UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`

Summary A regular expression denial-of-service ReDoS vulnerability has been discovered in ua-parser-js when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application that calls UAParserheaders.withClientHints, an attacker can cause the parser to spend excessive CPU...

MINI-MVG6-456M-P46R

Bulletin has no description...

MINI-M3MQ-HM99-6P3V

Bulletin has no description...

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed LiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model providers behind one...

MINI-P644-HCCC-F9WH

Bulletin has no description...

Security Bulletin: IBM Engineering Systems Design Rhapsody TestConductor was affected by CVE-2025-48924

Summary IBM Engineering Systems Design Rhapsody TestConductor was vulnerable to an uncontrolled recursion on very long inputs. This could cause components using Apache Commons Lang to stop. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache...

CVE-2026-34022

The CVE-2026-34022 entry affects Wertheim SafeController Family 65000, Controller 65000 (AssemblyVersion 6.11.8130.22319). The root cause is the use of weak custom cryptographic algorithms with hard-coded keys to protect communications, enabling interception of data in transit. During reassessmen...

CVE-2026-45833

A flaw was found in the ChromaDB Python project. An authenticated attacker with UPDATECOLLECTION permission could exploit a code injection vulnerability. By sending a malicious model repository to a specific API endpoint with trustremotecode enabled, the attacker can execute arbitrary code on the...

CVE-2026-12223

A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function modwebd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack need...

CVE-2026-12220

A vulnerability exists in Yealink SIP-T46U firmware 108.86.0.118 affecting the mod_upgrade.SparePartsUpload handler in /api/upgrade/accupgradebychunk. Manipulating the uid argument can cause a stack-based buffer overflow. Exploitation is described as local-network only, with public disclosure and...

CVE-2026-38062

Summary: CVE-2026-38062 affects Tenda 5G03 (V05.03.02.04, Version 1.0). The issue is a command injection in the function action_set_rat_mode via the ratMode parameter. Multiple trusted sources (NVD, EUVD, CVE lists, vuln enrichment) describe this vulnerability with the same root cause. The CVSS v...