π¨ CVE-2026-50890
Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement.
π@cveNotify
Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement.
π@cveNotify
Gist
Reference for CVE-2026-50890
Reference for CVE-2026-50890. GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2026-11832
Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce.
The default nonce was generated using an MD5 hash of the epoch time, which is predictable.
π@cveNotify
Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce.
The default nonce was generated using an MD5 hash of the epoch time, which is predictable.
π@cveNotify
IETF Datatracker
RFC 5849: The OAuth 1.0 Protocol
OAuth provides a method for clients to access server resources on behalf of a resource owner (such as a different client or an end-user). It also provides a process for end-users to authorize third-party access to their server resources without sharing theirβ¦
π¨ CVE-2026-12087
Socket versions before 2.041 for Perl have an out-of-bounds heap read.
In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte field, so a valid multiaddr lets a source of any length pass the check, and the source is then copied into the 4-byte imr_sourceaddr field with a fixed-size copy. A source shorter than 4 bytes is not rejected, and the copy reads up to 3 bytes past the end of its buffer.
Calling pack_ip_mreq_source() with a source value shorter than 4 bytes copies adjacent heap memory into the returned packed structure.
π@cveNotify
Socket versions before 2.041 for Perl have an out-of-bounds heap read.
In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte field, so a valid multiaddr lets a source of any length pass the check, and the source is then copied into the 4-byte imr_sourceaddr field with a fixed-size copy. A source shorter than 4 bytes is not rejected, and the copy reads up to 3 bytes past the end of its buffer.
Calling pack_ip_mreq_source() with a source value shorter than 4 bytes copies adjacent heap memory into the returned packed structure.
π@cveNotify
π¨ CVE-2026-48017
DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user (with basic access, no special permissions required) can inject arbitrary JavaScript code that executes on the server with full process privileges, bypassing the require=null sandbox restriction. An authenticated user with basic access (no admin role, no run-shell-script permission required) can: execute arbitrary OS commands on the DbGate server with the privileges of the Node.js process, read/write any file accessible to the process, pivot to connected databases by reading connection credentials from DbGate's storage, and compromise the host system - in Docker deployments, this typically means root access within the container.
π@cveNotify
DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user (with basic access, no special permissions required) can inject arbitrary JavaScript code that executes on the server with full process privileges, bypassing the require=null sandbox restriction. An authenticated user with basic access (no admin role, no run-shell-script permission required) can: execute arbitrary OS commands on the DbGate server with the privileges of the Node.js process, read/write any file accessible to the process, pivot to connected databases by reading connection credentials from DbGate's storage, and compromise the host system - in Docker deployments, this typically means root access within the container.
π@cveNotify
GitHub
Release v7.1.9 Β· dbgate/dbgate
7.1.9
FIXED: writeQueryHistory function error #1432
FIXED: UUID parsing issues #1434, #1431
ADDED: Validation for function and file names, fixed security issues
CHANGED: Public DbGate cloud migrat...
FIXED: writeQueryHistory function error #1432
FIXED: UUID parsing issues #1434, #1431
ADDED: Validation for function and file names, fixed security issues
CHANGED: Public DbGate cloud migrat...
π¨ CVE-2026-12205
Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery.
Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it.
The first sign() on a Key object picks a nonce, and every later sign() on that same object reuses it, producing an identical "r".
Keys used to sign more than once with an affected version should be considered compromised.
π@cveNotify
Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery.
Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it.
The first sign() on a Key object picks a nonce, and every later sign() on that same object reuses it, producing an identical "r".
Keys used to sign more than once with an affected version should be considered compromised.
π@cveNotify
π¨ CVE-2026-12161
Improper input validation in the SSH Elevate Shell feature in
Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user
with permission to create or modify a shared SSH entry to execute
arbitrary commands on a remote SSH host using stored elevation
credentials via a crafted alternate username and user interaction with
the Elevate Shell action.
π@cveNotify
Improper input validation in the SSH Elevate Shell feature in
Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user
with permission to create or modify a shared SSH entry to execute
arbitrary commands on a remote SSH host using stored elevation
credentials via a crafted alternate username and user interaction with
the Elevate Shell action.
π@cveNotify
Devolutions
advisories
Stay informed with Devolutions' latest security advisories on vulnerabilities, threats, and incident responses to enhance your cybersecurity posture.
π¨ CVE-2026-12289
Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
π@cveNotify
Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
π@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2023443. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
π¨ CVE-2026-12290
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
π@cveNotify
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
π@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2024852. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
π¨ CVE-2026-12292
Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
π@cveNotify
Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
π@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2038465. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
π¨ CVE-2026-12293
Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
π@cveNotify
Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
π@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2039568. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
π¨ CVE-2026-12294
Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
π@cveNotify
Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
π@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2039873. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
π¨ CVE-2026-12295
Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
π@cveNotify
Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
π@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2040160. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
π¨ CVE-2026-12296
Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
π@cveNotify
Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
π@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2040515. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
π¨ CVE-2026-12297
Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
π@cveNotify
Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
π@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2041610. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
π¨ CVE-2026-12298
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
π@cveNotify
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
π@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2041981. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
π¨ CVE-2026-12299
JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
π@cveNotify
JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
π@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2043139. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
π¨ CVE-2026-12300
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
π@cveNotify
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
π@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 1704114. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
π¨ CVE-2026-12301
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
π@cveNotify
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
π@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2015647. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
π¨ CVE-2026-12302
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
π@cveNotify
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
π@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2034489. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
π¨ CVE-2026-12303
Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
π@cveNotify
Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
π@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2034608. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
π¨ CVE-2026-12304
Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
π@cveNotify
Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
π@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2034944. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.