326 matches found
XWiki < 4.10.20 - Remote code execution
XWiki is vulnerable to a remote code execution RCE attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user...
Astra Linux – Vulnerability in Firefox and Thunderbird
When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...
Astra Linux – Vulnerability in Firefox and Thunderbird
Using the Location API in a loop could cause severe application hangs and crashes. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: x1e80100: Add GPU cooling Unlike the CPU, the GPU does not throttle its speed automatically when it reaches high temperatures. With certain high GPU loads, it is possible to reach the critical hardware shutdown...
Astra Linux – Vulnerability in Chromium
Before version 95.0.4638.54, using "use after free" in Dev Tools in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Firefox and Thunderbird
Documents loaded with the CSP sandbox directive could have escaped the sandbox’s script restrictions by embedding additional content. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...
CVE-2003-1569
GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service daemon crash via an HTTP request with a 1 con, 2 nul, 3 clock$, or 4 config$ device name in a path component, different vectors than CVE-2001-0385...
CVE-1999-0153
Windows 95/NT out of band OOB data denial of service through NETBIOS port, aka WinNuke...
CVE-1999-0391
The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user...
CVE-1999-0387
A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords...
Mozilla Thunderbird < 146.0
The version of Thunderbird installed on the remote Windows host is prior to 146.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-95 advisory. - Privilege escalation in the Netmonitor component. This vulnerability affects Firefox 146, Firefox ESR 140.6,...
Mozilla Thunderbird < 146.0
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 146.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-95 advisory. - Privilege escalation in the Netmonitor component. This vulnerability affects Firefox 146, Firefox ESR...
Malicious code in icha-95 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cede944656044dbe86fcbd24b7a386653b249221204a86110e6206a45ef0285 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cinta-95 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed9887c053f66b78bad2840e19ad96830f02402a1a47f81d026b1ffc61fef03e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hariyono-95 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 219182a6708d5f796c793d3af6e47db042b6d0c37a4c09828d84314da0fe3cf4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in bitha-95 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c38f1060d15271a31ac47c03d4f93b1499ceb7448ea9131bffeb9d6013a38085 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-153897 Malicious code in bitha-95 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c38f1060d15271a31ac47c03d4f93b1499ceb7448ea9131bffeb9d6013a38085 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in rita-95 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f328c67bca3b3029d0f1cafeeafdb11f65ad7a12284137ac6c3b21c41ec0bbd4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in billa-95 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4350eb10028f96c2678b1394bfc096fc72ab5bbe36b7eb0a4312f71313442763 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-154130 Malicious code in cinta-95 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed9887c053f66b78bad2840e19ad96830f02402a1a47f81d026b1ffc61fef03e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...