34260 matches found
Horilla Security Vulnerability
Horilla is a free open-source human resources software developed by Horilla Company. Version 1.5.0 of Horilla contains a security vulnerability. This vulnerability stems from an insecure direct object reference in the employee document upload endpoint, which could allow any authenticated user to...
Mozilla Multiple Products Security Vulnerability
Mozilla Firefox and the other affected products are developed by the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...
WordPress plugin Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider Code Issue Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Issues...
FreeScout Security Vulnerability
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using the PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.214 contained security vulnerabilities. These vulnerabilities stemmed from the fact that, under limited visibility, the...
PT-2026-33924
Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection. This issue affects Responsive Slider by MetaSlider: from n/a through 3.106.0...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011324)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011324 advisory. In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request. The cpufreq_cpu_put call in...
Horilla Access Control Error Vulnerability
Horilla is a free open-source human resources software developed by Horilla Company. Version 1.5.0 of Horilla contains an access control vulnerability, which stems from insecure direct object references in the employee document viewer. This vulnerability could allow any authenticated user to acce...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012988)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012988 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fix reference leak in sysfs_break_active_protection. The sysfs_break_active_protection routin...
PT-2026-33960
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 150; Thunderbird versions prior to 150. Description: A mitigation bypass exists within the DOM Security component. Recommendations: Update to version 150 for Firefox. Update to version 150 for Thunderbird...
PT-2026-33941
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 150; Thunderbird versions prior to 150. Description: A mitigation bypass exists in the DOM postMessage component. Recommendations: Update to version 150 or later...
KLA90991 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, obtain sensitive information, and spoof the user interface. Below is a complete list of vulnerabilities: 1. A remote...
PT-2026-34061
WWBN AVideo is an open source video platform. In versions 29.0 and prior, the endpoint plugin/Live/view/Live_restreams/list.json.php contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user with streaming permission to retrieve other users' live restream...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011377)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011377 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get. nft_unregister_obj can concurrent wit...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012972)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012972 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get. nft_unregister_obj can concurrent wit...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013059)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013059 advisory. In the Linux kernel, the following vulnerability has been resolved: virtio-mmio: don't break lifecycle of vm_dev. vm_dev has a separate lifecycle because it has a 'stru...
PT-2026-33957
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 150; Firefox ESR versions prior to 140.10; Thunderbird versions prior to 150; Thunderbird versions prior to 140.10. Description: A mitigation bypass exists within the DOM Security component. Recommendations: Update to versi...
Mozilla -- Spoofing issue
https://bugzilla.mozilla.org/show_bug.cgi?id=2021080 reports: Spoofing issue in the DOM: Core & HTML component...
Mozilla -- Mitigation bypass
https://bugzilla.mozilla.org/show_bug.cgi?id=2016915 reports: Mitigation bypass in the DOM: Security component...
Mozilla -- Incorrect boundary conditions
https://bugzilla.mozilla.org/show_bug.cgi?id=2022162 reports: Incorrect boundary conditions in the DOM: Device Interfaces component...
firefox -- Use-after-free
https://bugzilla.mozilla.org/show_bug.cgi?id=2014596 reports: Use-after-free in the DOM: Core & HTML component...