67 matches found
UAT-4356's Targeting of Cisco Firepower Devices
Cisco Talos is aware of UAT-4356's continued active targeting of Cisco Firepower devices' Firepower eXtensible Operating System (FXOS). UAT-4356 exploited n-day vulnerabilities CVE-2025-20333 and CVE-2025-20362 to gain unauthorized access to vulnerable devices, where the threat actor deployed their...
EUVD-2026-4356
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS BunnyNet Integration (tutor-lms-bunnynet-integration) allows DOM-Based XSS. This issue affects Tutor LMS BunnyNet Integration: from n/a through <= 1.0.0...
[SECURITY] [DLA 4356-1] ublock-origin security update
Debian LTS Advisory DLA-4356-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany October 31, 2025 https://wiki.debian.org/LTS Package : ublock-origin Version : 1.67.0+dfsg-1deb11u1 Debian Bug : 1108878 Ublock-origin is a lightweight and efficient ads, malware and...
DLA-4356-1 ublock-origin - security update
Bulletin has no description...
CVE-2025-4356
creationtimestamp | type | source
---|---|---
2025-05-06 13:21:00+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/15108
2025-05-06 14:41:31+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3loj4ifuvpm2p
2025-05-06 18:39:52+00:00 | exploited | ...
Linux Distros Unpatched Vulnerability : CVE-2016-4356
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing...
CVE-2024-4356
creationtimestamp | type | source
---|---|---
2024-05-30 07:38:00+00:00 | seen | https://t.me/HackingInsights/1141
...
CVE-2024-4356
The List categories plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'categories' shortcode in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress List categories Plugin <= 0.4 is vulnerable to Cross Site Scripting (XSS)
Software: List categories; Type: Plugin; Vulnerable versions: <= 0.4; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4356; Patch priority: Low; CVSS severity: Low (6.5); PSID: cf1866c408f1; Credits: Krzysztof Zając; Required...
openSUSE: Security Advisory for chromium (openSUSE-SU-2023:0234-1)
The remote host is missing an update for the...
KLA61310 Multiple vulnerabilities in Opera
Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Audio can be exploited to cause denial of servi...
Chromium: CVE-2023-4356 Use after free in Audio
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Debian: Security Advisory (DSA-5479-1)
The remote host is missing an update for the Debian...
Debian DSA-5479-1 : chromium - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5479 advisory. Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. For...
SUSE CVE-2023-4356
Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-4356
Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-4356
Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-4356
CVE-2023-4356 describes a use-after-free in Audio for Google Chrome prior to 116.0.5845.96, enabling a remote attacker who induces user UI interaction to potentially trigger heap corruption via a crafted HTML page. Public advisories (Debian, FreeBSD, Gentoo, Fedora, etc.) align on affected produc...
CVE-2023-4356
Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
Stable Channel Update for Desktop
The Stable and Extended stable channels have been updated to 116.0.5845.96 for Mac and Linux and 116.0.5845.96/.97 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. Security Fixes and Rewards Note: Access to bug details and...