160 matches found
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in the iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in the File System of Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
The use of after-free in Web Workers in Google Chrome before version 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Firefox and Thunderbird
Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bugs showed signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This...
Astra Linux – Vulnerability in Firefox
When downloading an HTML file, if the title of the page is formatted as a filename with a malicious extension, Firefox may save the file with that extension. This could lead to potential system compromise if the downloaded file is later executed. This vulnerability affects Firefox versions earlie...
Astra Linux – Vulnerability in Firefox and Thunderbird
Keyboard events reference strings like “KeyA” that are located at fixed, known, and widely-distributed addresses. Cache-based timing attacks, such as Prime+Probe, could potentially determine which keys were pressed. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...
Astra Linux – Vulnerability in Firefox
Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 106. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execut...
Astra Linux – Vulnerability in Firefox
If an attacker loads a font using FontFace on a background worker, a use-after-free might occur, resulting in a potentially exploitable crash. This vulnerability affects Firefox versions earlier than 107...
Amazon Linux 2 : ecs-service-connect-agent, --advisory ALAS2ECS-2026-107 (ALASECS-2026-107)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.9.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-107 advisory. Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in...
MiracleLinux 4 : setroubleshoot-3.0.47-6.1.0.1.AXS4 (AXSA:2015-107:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2015-107:01 advisory. Description: setroubleshoot GUI. Application that allows you to view setroubleshoot-server messages. Provides tools to help diagnose SELinux problems. When AV...
CVE-2016-10738
Zenbership v107 has CSRF via admin/cp-functions/event-add.php...
CVE-2019-11814
An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot...
CVE-2025-68718
KAYSUS KS-WR1200 routers with firmware 107 expose SSH and TELNET services on the LAN interface with hardcoded root credentials root:12345678. The administrator cannot disable these services or change the hardcoded password. Changing the management GUI password does not affect SSH/TELNET...
CVE-2025-68718
KAYSUS KS-WR1200 routers with firmware 107 expose SSH and TELNET services on the LAN interface with hardcoded root credentials root:12345678. The administrator cannot disable these services or change the hardcoded password. Changing the management GUI password does not affect SSH/TELNET...
CVE-2025-68718
KAYSUS KS-WR1200 routers with firmware 107 expose SSH and TELNET services on the LAN interface with hardcoded root credentials root:12345678. The administrator cannot disable these services or change the hardcoded password. Changing the management GUI password does not affect SSH/TELNET...
CVE-2025-68718
KAYSUS KS-WR1200 routers, firmware 107, expose SSH and TELNET on the LAN interface with hardcoded credentials (root:12345678). The administrator cannot disable these services or change the hardcoded password, and changing the management GUI password has no effect on SSH/TELNET authentication. Any...
PT-2026-1920
Name of the Vulnerable Software and Affected Versions KAYSUS KS-WR1200 version 107 Description KAYSUS KS-WR1200 routers with firmware version 107 expose SSH and TELNET services on the LAN interface with hardcoded root credentials root:12345678. The administrator cannot disable these services or...
MAL-2025-165091 Malicious code in riyanto-107 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector deafeac2528cff227f320fa0045a290a690a24bacd51dc09346858f922f67ef6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-64433
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM to read arbitrary files from the virt-launcher pod's file system. This issue stems from improper symlink handling when mounting PVC disks into a VM...