CVE-2026-46725 Remote Code Execution in extension "Content Element Selector" (ceselector)

The extension passes an attacker-controlled cookie directly to PHP's unserialize without safely processing the input. A remote, unauthenticated attacker can supply a crafted serialized payload to trigger PHP Object Injection, leading to Remote Code Execution on the TYPO3 server. Exploitation...

SUSE-SU-2026:2001-1 Security update for postgresql16

This update for postgresql16 fixes the following issues Update to version 16.13. Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard again...

CVE-2026-31072

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

PT-2026-41919

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 151 Thunderbird versions prior to 151 Description An information disclosure issue exists within the DOM security component...

PT-2026-41909

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 151 Firefox ESR versions prior to 140.11 Thunderbird versions prior to 151 Thunderbird versions prior to 140.11 Description A privilege escalation issue exists within the DOM: Workers component...

PT-2026-41923

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 151 Thunderbird versions prior to 151 Description A mitigation bypass exists within the DOM security component...

Drupal core 安全漏洞

Drupal Core is a free, open-source content management system developed in PHP by the Drupal community. There are security vulnerabilities in Drupal Core, which stem from improper control of dynamic object attribute determination, potentially leading to object injection attacks. The following...

PT-2026-41877

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description An Insecure Direct Object Reference IDOR flaw exists in the Authorization Services Protection API endpoint. An authenticated client can bypass authorization checks by providing the unique...

apscheduler 安全漏洞

apscheduler is a Python task scheduling and queueing system developed by Alex Grönholm. There are security vulnerabilities in the apscheduler 3.10.x version and 4.0.0a5 version. These vulnerabilities stem from the unmarshalobject function in JSONSerializer and CBORSerializer, which allows arbitra...

PT-2026-41901

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 151 Firefox ESR versions prior to 115.36 Firefox ESR versions prior to 140.11 Thunderbird versions prior to 151 Thunderbird versions prior to 140.11 Description A use-after-free issue exists in the DOM: Bindings WebID...

CVE-2026-31072

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

Impacket 0.13.1

Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and, for some protocols e.g. SMB1-3 and MSRPC, the protocol implementation itself. Packets can be constructed from scratch, as well as parse...

PT-2026-41865

Name of the Vulnerable Software and Affected Versions Content Element Selector ceselector affected versions not specified Description The extension passes an attacker-controlled cookie directly to the unserialize function without safe processing. A remote, unauthenticated attacker can provide a...

ALSA-2026:19365 Important: jq security update

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fixes: jq: out-of-bounds read in...

PT-2026-41916

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 151 Firefox ESR versions prior to 140.11 Thunderbird versions prior to 151 Thunderbird versions prior to 140.11 Description A mitigation bypass exists within the DOM security component. Recommendations Update to versi...

Security updated provided in Brocade ASCG 3.4.0b for container-tools (CVE-2024-24785, CVE-2025-61729, CVE-2025-65637)

Security update provided in Brocade ASCG before ASCG 3.4.0b CVE-2024-24785 Title: Errors returned from JSON marshaling may break template escaping in html/template Description If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-6754 firefox: thunderbird: Spoofing...

CVE-2026-31072

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

CVE-2026-31072

The vulnerability CVE-2026-31072 affects APScheduler’s JSONSerializer and CBORSerializer across all versions (including 3.10.x and 4.0.0a5). The root cause is insecure deserialization: the unmarshal_object function can instantiate arbitrary classes and inject state by dynamically importing module...

ALSA-2026:19348 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-6754 firefox: thunderbird: Spoofing...