Tagged: Cybersecurity Alert

In Dolibarr ERP & CRM

In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit...

An improper session timeout issue in Fortra’s GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page. More information...

HTML injection is possible in system generated emails in Fortra’s GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description of this CVE were corrected post-publishing. More information : https://www.fortra.com/security/advisories/product-security/fi-2026-006

User‑Controlled HTTP Header in Fortra’s GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure. More information : https://www.fortra.com/security/advisories/product-security/fi-2026-005

Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to...

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2026089

Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2015959

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2016915

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2021768

Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2021770

Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2022726

Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2022746

Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2023343