10 matches found
CVE-2025-56647
npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...
CVE-2023-0748
Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6...
CVE-2024-32857
Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege...
PT-2024-5604 · Dell · Dell Peripheral Manager
Name of the Vulnerable Software and Affected Versions: Dell Peripheral Manager versions prior to 1.7.6
Description: The issue is related to an uncontrolled search path element in the software. This could allow an attacker to potentially exploit the vulnerability through preloading malicious DLL o...
SUSE CVE-2005-0401
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolli...
BTCPay Server Input Validation Error Vulnerability
BTCPay Server is a self-hosted open source cryptocurrency payment processor. It is secure, private, uncensored and free. An input validation error vulnerability exists in versions of BTCPay Server prior to 1.7.6 that stems from an open redirect...
Influxdata InfluxDB Authorization Issue Vulnerability
InfluxDB is an open source time series database developed by InfluxData. An authentication bypass vulnerability exists in the authenticate function in services/httpd/handler.go in versions prior to InfluxDB 1.7.6. The vulnerability stems from the fact that JWT tokens may have an empty SharedSecret. ...
CVE-2019-10770
All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting (XSS). This affects the development mode error handler when an exception message contains untrusted data. Note the production mode error handler is not vulnerable - so for this to b...
security flaw
Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window...
PT-2005-1635 · Mozilla · Mozilla Firefox +1
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 1.0.1; Mozilla versions prior to 1.7.6
Description: The issue allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK link file twice, which overwrites the file that...