125 matches found
EUVD-2025-74053
Malicious code in zoophagousrhinocerossilver-72 npm...
Security update for the Linux Kernel (Live Patch 72 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122272 fixes one issue. The following security issue was fixed: CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free bsc1250302. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zyppe...
GHSA-2CJV-6WG9-F4F3 Strapi Password Hashing is Missing Maximum Password Length Validation
Summary Strapi's password hashing implementation using bcryptjs lacks maximum password length validation. Since bcryptjs truncates passwords exceeding 72 bytes, this creates potential vulnerabilities such as authentication bypass and performance degradation. POC Create an admin user with a passwo...
EUVD-2019-7493
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-17018
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. This vulnerability affect...
Adobe Photoshop 24.x < 24.7.5 / 25.x < 25.12 Multiple Vulnerabilities (macOS APSB24-72)
The version of Adobe Photoshop installed on the remote macOS or Mac OS X host is prior to 24.7.5/25.12. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb24-72 advisory. - Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write...
Adobe Experience Manager 6.5.0.0 < 6.5.19.0 Multiple Vulnerabilities (APSB23-72)
The version of Adobe Experience Manager installed on the remote host is prior to 6.5.19.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB23-72 advisory. - Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS...
SUSE CVE-2019-5755
Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page...
SUSE CVE-2019-5758
Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
SUSE CVE-2019-17017
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR 68.4 and Firefox 72...
SUSE CVE-2019-17018
When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. This vulnerability affects Firefox 72...
SUSE CVE-2019-17021
During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. Note: this issue only occurs on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR 68.4 and Firefo...
SUSE CVE-2019-17025
Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 72...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 108 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 108.0.5359.71 Mac/linux and 108.0.5359.71/72 Windows contains a number of fixes and improvements -- a list of changes is...
ad2i-72.fr Cross Site Scripting vulnerability OBB-2920151
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Ubuntu: Security Advisory (USN-72-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ad2i-72.fr Cross Site Scripting vulnerability OBB-2836720
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ip170.ip-164-132-72.eu Cross Site Scripting vulnerability OBB-2351629
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2021-45015
taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72...
Firefox 72 IonMonkey - JIT Type Confusion
Exploit Title: Firefox 72 IonMonkey - JIT Type Confusion Date: 2021-05-10 Exploit Author: deadlock Forrest Orr Vendor Homepage: https://www.mozilla.org/en-US/ Software Link: https://www.mozilla.org/en-US/firefox/new/ Versions: Firefox | | /| \ | |\ / / \ | | / | | / / / / |/ | /|/ \ / / || /||...