82 matches found
CVE-2026-23598
Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well...
CVE-2026-23598
creationtimestamp| type| source ---|---|--- 2026-02-11 13:55:22+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3melmwllbwu2m...
MiracleLinux 8 : thunderbird-102.7.1-1.el8.ML.1 (AXSA:2023-4905:03)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4905:03 advisory. Mozilla: libusrsctp library out of date CVE-2022-46871 Mozilla: Arbitrary file read from GTK drag and drop on Linux CVE-2023-23598 Mozilla: Memory...
MiracleLinux 9 : thunderbird-102.7.1-1.el9.ML.1 (AXSA:2023-5071:08)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5071:08 advisory. Mozilla: libusrsctp library out of date CVE-2022-46871 Mozilla: Arbitrary file read from GTK drag and drop on Linux CVE-2023-23598 Mozilla: Memory...
MiracleLinux 9 : firefox-102.7.0-1.el9.ML.1 (AXSA:2023-5064:08)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5064:08 advisory. Mozilla: libusrsctp library out of date CVE-2022-46871 Mozilla: Arbitrary file read from GTK drag and drop on Linux CVE-2023-23598 Mozilla: Memory...
TencentOS Server 3: firefox (TSSA-2023:0188)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0188 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2025-23598
creationtimestamp| type| source ---|---|--- 2025-02-14 13:16:42+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3li5by63rxm2i 2025-02-14 13:38:44+00:00| seen| https://infosec.exchange/users/cve/statuses/114002514671594776...
CVE-2025-23598 WordPress Recip.ly plugin <= 1.1.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in [email protected] Recip.ly allows Reflected XSS. This issue affects Recip.ly: from n/a through 1.1.8...
CVE-2025-23598
CVE-2025-23598 is a Reflected XSS in the WordPress plugin Recip.ly (WordPress plugin/Recip.ly) that affects versions up to 1.1.8. The vulnerability arises from improper neutralization of user-supplied input during web page generation, enabling cross-site scripting. Multiple sources (NVD, Red Hat ...
CentOS 8 : firefox (CESA-2023:0288)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:0288 advisory. - Mozilla: libusrsctp library out of date CVE-2022-46871 - Mozilla: Fullscreen notification bypass CVE-2022-46877 - Mozilla: Arbitrary file read from G...
CentOS 8 : thunderbird (CESA-2023:0463)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:0463 advisory. - Mozilla: libusrsctp library out of date CVE-2022-46871 - Mozilla: Fullscreen notification bypass CVE-2022-46877 - Mozilla: Arbitrary file read from G...
Rocky Linux 9 : thunderbird (RLSA-2023:0476)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0476 advisory. - An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox...
Rocky Linux 8 : firefox (RLSA-2023:0288)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0288 advisory. - An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox...
Rocky Linux 8 : thunderbird (RLSA-2023:0463)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0463 advisory. - An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox...
CVE-2023-23598
Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird...
CVE-2023-23598
Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird...
CVE-2023-23598
CVE-2023-23598 describes an Arbitrary file read via GTK drag-and-drop in Firefox/Thunderbird where the GTK wrapper uses text/plain for drag data; GTK treats text/plain MIMEs with file URLs as dragged, enabling DataTransfer.setData to read local files. Affected versions: Firefox < 109, Firefox ...
CVE-2023-23598 Arbitrary file read from GTK drag and drop on Linux
Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird...
Mageia: Security Advisory (MGASA-2023-0034)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-3324-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...