SUSE CVE-2026-27945

ZITADEL is an open source identity management platform. Zitadel Action V2 introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0 is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token. Zitadel's Action target URLs...

CVE-2025-68718

KAYSUS KS-WR1200 routers with firmware 107 expose SSH and TELNET services on the LAN interface with hardcoded root credentials root:12345678. The administrator cannot disable these services or change the hardcoded password. Changing the management GUI password does not affect SSH/TELNET...

CVE-2025-13027

Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 145 and Thunderbird 145...

CVE-2025-13015

Spoofing issue in Firefox. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30...

CVE-2025-43419

The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to memory corruption...

MAL-2025-48954 Malicious code in @acme-types/acme-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f1b754e0118dde98a24e6f1ea46eb2ed30d7b59cd938fbc627e6dc4429251482 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-11708

Use-after-free in MediaTrackGraphImpl::GetInstance. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

CVE-2025-11713

Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect the application when running on other operating systems. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and...

CVE-2025-11153

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 143.0.3...

CVE-2025-10527

Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

CVE-2025-10528

Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

CVE-2025-9179

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14,...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the online or hybrid meeting embeds. Workaround Users who are not able to upgrade to the fixed version can disable the creation of meetings by participants in the meeting component. Details Cross-site...

SUSE CVE-2024-46292

A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service DoS via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usab...

Jenkins Compuware ISPW Operations Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

Malicious code in gxm-reference-web-auth-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9855cd313f0caad339a8d9a7e306fa02de1b2f2a0b2436b0d463a33f78e09c08 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2022-25845

The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not...

Sharetribe Go 操作系统命令注入漏洞

Sharetribe Go is a source-available marketplace software from the Sharetribe team. An OS command injection vulnerability exists in versions of Sharetribe Go prior to 10.2.1, users who are unable to upgrade should set the snsnotificationtoken configuration parameter to a confidential value...

Vulnerabilities fixed in Dell EMC NetWorker

Dell has fixed two vulnerabilities in EMC NetWorker. A malicious party with user rights on the NetWorker server could access sensitive data on NetWorker clients via path-traveral. data on NetWorker clients. Dell has released updates to fix the vulnerabilities in EC Networker 19.4.0.4. Also, Dell...

UBUNTU-CVE-2019-25039

Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited...