Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection. This issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux.

CVE-2026-12068 是 Avira Password Manager（与 Mozilla Firefox 配合使用时）中的一个信息泄露漏洞。当用户在 Firefox 浏览器中安装 Avira Password Manager 扩展后，该扩展负责自动填充网页表单中的用户名和密码。然而，由于不正确的自动填充字段选择逻辑，一个远程攻击者可以在一个跨域 iframe 中操纵受害者浏览器，诱使扩展将父页面的自动填充凭据泄露给 iframe 中的恶意页面。具体来说，攻击者可以创建一个包含恶意 iframe 的网页，当受害者在同一浏览器中已登录某个网站（如银行或社交媒体）且 Avira Password Manager 为该网站保存了凭据时，攻击者的 iframe 可能会接收这些凭据。该漏洞影响 Windows、macOS 和 Linux 平台上的 Avira Password Manager。CVSS 评分为 7.4（高），攻击向量为网络，攻击复杂度低，无需特权，但需要用户交互（如点击或浏览恶意页面），影响范围为已改变，机密性影响为高，完整性和可用性无影响。虽然目前没有证据表明该漏洞已被在野利用或列入已知被利用漏洞目录，但鉴于其可能泄露敏感凭据，用户应尽快采取防护措施。建议升级到 Avira Password Manager 的修复版本（官方已发布补丁），同时避免在浏览器中打开可疑网页或点击未知链接。对于企业环境，可考虑限制跨域 iframe 行为或使用浏览器安全策略缓解风险。

OpenStack Ironic 是用于裸机管理的组件，其版本低于 35.0.2 存在一个安全漏洞，允许经过身份验证的恶意项目管理员或经理通过 pxe_template 读取 Ironic conductor 上的本地文件。该漏洞源于对 pxe_template 输入验证不足，攻击者可以利用此功能构造特殊请求，导致服务器端文件读取。CVSSv3 评分为 4.9（中等），攻击复杂度低，需要高权限（项目管理员或经理），但无需用户交互，影响范围为机密性（高），不影响完整性和可用性。受影响版本包括 35.0.2 之前的所有 Ironic 发行版。建议用户升级到 Ironic 35.0.2 或更高版本，并限制对 Ironic API 的网络访问，仅允许受信任的管理员进行操作。目前没有证据表明该漏洞已在野外被利用或列入 KEV。

OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.

Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass.

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var() value in an e-mail message, which may lead to information disclosure or access-control bypass.

In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message.

Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008.

Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008.

### Summary A vulnerability in the Linux kernel's algif_aead subsystem (CVE-2026-31431, "copy.fail") allows an unprivileged container workload to corrupt arbitrary file page-cache pages via the AF_ALG crypto interface and splice(). On Talos Linux, this vulnerability can be chained into a complete node compromise: an attacker who can schedule a pod on a worker node can, without any elevated Kubern

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which provides access to all OpenStack services Ironic is authorized for); or basic credentials configured for molds storage. The fixed versions are 26.1.6, 29.0.5, 32.0.1, and

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which provides access to all OpenStack services Ironic is authorized for); or basic credentials configured for molds storage. The fixed versions are 26.1.6, 29.0.5, 32.0.1, and

KDE Dolphin before 25.12.3 allows applications in a Flatpak (or with AppArmor confinement) to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or executables. (By default, Dolphin will then prompt the user to determine if they want to launch a script or

KDE Dolphin before 25.12.3 allows applications in a Flatpak (or with AppArmor confinement) to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or executables. (By default, Dolphin will then prompt the user to determine if they want to launch a script or