FreeBSD : FreeBSD -- Use-after-free bug in the IPV6_MSFILTER socket option handler (c5b7ac13-6473-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c5b7ac13-6473-11f1-958d-bc241121aa0a advisory. The kernel handler for IPV6MSFILTER dropped a serializing lock in order to copy the source-filter list...

MediaTek WLAN Vulnerabilities - Lenovo Support US

No description provided...

EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2026-2022)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : bpf, cpumap: Make sure kthread is running before map update returnsCVE-2023-53577 macvlan: fix error recovery in...

CVE-2026-8474

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, 5.0.0 to 5.0.5 It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of...

thunderbird security update

140.11.0-1.0.1 - Fix prefs for new nss Orabug: 37079820 - Add Oracle prefs file 140.11.0 - Add OpenELA debranding 140.11.0-1 - Update to 140.11.0 ESR...

CVE-2026-8474

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, 5.0.0 to 5.0.5 It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of...

CVE-2026-8474

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, 5.0.0 to 5.0.5 It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of...

CVE-2026-8474 Possible to run a Cross Site Scripting request on the login API available on Stormshield SNS appliances.

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, 5.0.0 to 5.0.5 It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of...

EUVD-2026-33586

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, 5.0.0 to 5.0.5 It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of...

PT-2026-45387

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, 5.0.0 to 5.0.5 It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of...

Stormshield Network Security security vulnerabilities

Stormshield Network Security SNS is a next-generation UTM Unified Threat Management firewall developed by the French company Stormshield. Versions 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, and 5.0.0 to 5.0.5 of Stormshield Network Security contain security vulnerabilities. These vulnerabilities stem from...

kernel-rt security update

An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel-rt packages provide the Real Time Linux Kernel, which enables...

zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service

Impact DNSIncoming.decodelabelsatoffset recurses once per DNS-name compression pointer RFC 1035 §4.1.4. Pointer cycles and label counts were capped, but the chain length of unique forward pointers was not. A single 3 kB mDNS packet carrying 1500 chained pointers drives the recursion past CPython'...

OESA-2026-2468 qt5-qtbase security update

Qt is a software toolkit for developing applications. Security Fixes: An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted...

RLSA-2026:19348 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-6754 firefox: thunderbird: Spoofing...

CVE-2026-46193

A flaw was found in the Linux kernel's xfrm: ah component, which handles network security protocols. When Extended Sequence Number ESN is active, the kernel incorrectly processes parts of network packet data during security checks. This error can lead to the system dropping legitimate network...

CVE-2026-46193

In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...

firefox security update

140.11.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079789 - diable wasisdk to prevent build failure with newer llvm 140.11.0 - Add debranding patches Mustafa Gezen - Add OpenELA default preferences Louis Abel 140.11.0-1 - Update to 140.11.0 ESR...

RHEL 10 : kernel (RHSA-2026:21557)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21557 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: j1939: j1939sessionnew:...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefox: Sandbox escape in the Profile Backup component...