firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Core & HTML component...

CVE-2026-42077

Evolver (package @evomap/evolver) is affected by a prototype pollution flaw in the mailbox store operations, introduced via Object.assign in _applyUpdate()/_updateRecord(). An attacker can pollute Object.prototype by injecting dangerous keys (e.g., proto , constructor, prototype) through crafted ...

CVE-2026-42077 Evolver: Prototype Pollution via `Object.assign()` in mailbox store operations

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists...

CVE-2026-42077

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists...

pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID

A flaw was found in pyasn1, a generic ASN.1 library for Python. A remote attacker could exploit this vulnerability by sending a specially crafted RELATIVE-OID with excessive continuation octets. This input validation vulnerability leads to memory exhaustion, resulting in a Denial of Service DoS f...

Security Bulletin: pyasn1 Memory Exhaustion via Malformed RELATIVE-OID Leads to Denial of Service

Summary pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2. Vulnerability Details CVEID:CVE-2026-23490...

Security Bulletin: Denial of Service in Axios via Malicious __proto__ in Configuration Object

Summary Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing proto as an own property. An attacker can trigger this by providing a maliciou...

CVE-2026-43863

mutt before 2.3.2 has an infinite loop in dataobjecttostream in crypt-gpgme.c...

UBUNTU-CVE-2026-43863

mutt before 2.3.2 has an infinite loop in dataobjecttostream in crypt-gpgme.c...

CVE-2026-43863

mutt before 2.3.2 has an infinite loop in dataobjecttostream in crypt-gpgme.c...

EUVD-2026-26902

mutt before 2.3.2 has an infinite loop in dataobjecttostream in crypt-gpgme.c...

CVE-2026-43863

CVE-2026-43863 affects mutt prior to 2.3.2, where an infinite loop in data_object_to_stream (crypt-gpgme.c) is reported. The CVSS 3.1 vector indicates low availability impact. No remediation or specific fix details are provided in the connected documents. Affected version range inferred: mutt

CVE-2026-29200

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call...

PT-2026-36776

Name of the Vulnerable Software and Affected Versions mutt versions prior to 2.3.2 Description An infinite loop exists in the data object to stream function within the crypt-gpgme.c file. Recommendations Update to version 2.3.2 or later...

VulnCheck KEV: CVE-2026-2931

The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

VulnCheck KEV: CVE-2026-3296

The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrusted input from form entry metadata. This is due to the html-admin-page-entries-view.php file calling PHP's native unserialize on stored entry meta...

mutt 安全漏洞

Mutt is an open-source command-line email client for sending emails from the terminal. Versions of Mutt prior to 2.3.2 contained a security vulnerability, which stemmed from an infinite loop in dataobjecttostream in crypt-gpgme.c...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/nouveau: Avoid a use-after-free when BO init fails nouveauboinit is backed by ttmboinit and passes its return value back to the caller. In case of failures, ttmboinit invokes the provided destructor, which should...

Astra Linux – Vulnerability in Firefox

A memory-out-of-memory condition during object initialization could lead to an empty shape list. If the JIT compiler traces the object subsequently, it will cause a crash. This vulnerability affects Firefox versions less than 125...

Astra Linux – Vulnerability in Chromium

In ANGLE of Google Chrome, before version 96.0.4664.110, there was an issue with the object lifecycle mechanism that allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...