151 matches found
protobuf.js: Denial of service through unbounded protobuf recursion
Summary: protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields. A crafted protobuf binary payload could cause the JavaScript call stack to be exhausted during decoding...
CVE-2026-41564
CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A...
MiracleLinux 7 : firefox-128.10.0-1.0.2.el7.AXS7 (AXSA:2025-9956:15)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9956:15 advisory. firefox: thunderbird: Privilege escalation in Firefox Updater CVE-2025-2817 firefox: thunderbird: Unsafe attribute access during XPath parsing...
TencentOS Server 4: thunderbird (TSSA-2025:0395)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0395 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
TencentOS Server 4: mozjs (TSSA-2025:0366)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0366 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
EUVD-2009-0088
Malware in sbrugna...
EUVD-2019-2182
Malware in sbrugna...
EUVD-2019-2185
Malware in sbrugna...
EUVD-2019-2183
Malware in sbrugna...
EUVD-2025-19448
Malicious code in bioql PyPI...
EUVD-2025-12730
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-10145
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - rkt through version 1.30.0 does not isolate processes in containers that are run with rkt enter. Processes run with rkt enter do not have seccomp filtering duri...
RockyLinux 9 : thunderbird (RLSA-2025:4460)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:4460 advisory. firefox: thunderbird: Privilege escalation in Firefox Updater CVE-2025-2817 firefox: thunderbird: Unsafe attribute access during XPath parsing...
RLSA-2025:4443 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Privilege escalation in Firefox Updater CVE-2025-2817 firefox: thunderbird: Unsafe attribute access during XPath parsing CVE-2025-4087 firefox:...
ROS-20250616-08
A vulnerability in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird mail client for Windows operating systems is related to insufficient process isolation when processing "javascript:" URI links. Exploitation of this vulnerability could allow a remote attacker to bypass...
[SECURITY] Fedora 41 Update: libkrun-1.13.0-1.fc41
Dynamic library providing Virtualization-based process isolation capabilities...
[SECURITY] Fedora 42 Update: libkrun-1.13.0-1.fc42
Dynamic library providing Virtualization-based process isolation capabilities...
NanoZone: Scalable, Efficient, and Secure Memory Protection for Arm CCA
Arm Confidential Computing Architecture (CCA) currently isolates at the granularity of an entire Confidential Virtual Machine (CVM), leaving intra-VM bugs such as Heartbleed unmitigated. The state-of-the-art narrows this to the process level, yet still cannot stop attacks that pivot within the same...
RHEL 10 : firefox (RHSA-2025:7506)
The remote Red Hat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:7506 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2025-038 (ALASFIREFOX-2025-038)
The version of firefox installed on the remote host is prior to 128.10.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2025-038 advisory. An issue in sqlite v.3.49.0 allows an attacker to cause a denial of service via the SQLITE_DBCONFIG_LOOKASIDE...