GHSA-MHC9-48GJ-9GP3 Fickling has safety check bypass via REDUCE+BUILD opcode sequence
Assessment It is believed that the analysis pass works as intended, REDUCE and BUILD are not at fault here. The few potentially unsafe modules have been added to the blocklist https://github.com/trailofbits/fickling/commit/0c4558d950daf70e134090573450ddcedaf10400. Original report Summary All 5 of...
EUVD-2005-2261
Malware in sbrugna...
EUVD-2025-29642
Malicious code in bioql PyPI...
The vulnerability of the NotificationDisplayerClass class in the XWiki platform, a platform for creating collaborative web applications. The XWiki platform allows attackers to perform XSS attacks.
The vulnerability of the NotificationDisplayerClass class in the XWiki platform, a platform for creating collaborative web applications, is related to the absence of warnings about dangerous actions when loading edited objects. Exploiting this vulnerability could allow attackers to perform XSS...
The vulnerability of the XWiki platform for creating collaborative web applications lies in the lack of warnings about dangerous actions, allowing an attacker to execute arbitrary code.
The vulnerability of the XWiki Platform lies in the modification of the XClass structure’s properties due to the absence of warnings about dangerous actions. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Microsoft Edge browser’s vulnerability, related to the absence of warnings for dangerous actions, allows attackers to carry out spear-phishing attacks.
The vulnerability of Microsoft Edge is related to the absence of warnings about dangerous actions. Exploiting this vulnerability allows a remote attacker to carry out spear-phishing attacks...
The vulnerability in the full-screen notification mode of the Mozilla Firefox browser on Android operating systems allows a hacker to perform spoofing attacks.
The vulnerability in the full-screen notification mode of the Mozilla Firefox browser on Android operating systems relates to the absence of warnings about dangerous actions when loading pop-up windows for downloaded files. Exploiting this vulnerability allows a remote attacker to carry out...
The vulnerability in the Mozilla Firefox browser relates to insufficient warnings about dangerous actions, allowing an attacker to execute arbitrary code.
The vulnerability of the Mozilla Firefox browser is related to insufficient warnings about dangerous actions. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Mozilla Firefox browser, related to insufficient warnings about dangerous actions, allows a hacker to execute arbitrary code.
The vulnerability of the Mozilla Firefox browser is related to insufficient warnings about dangerous actions. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
ROS-20230919-04
The vulnerability in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client is related to the lack of a warning when opening Diagcab files. Exploitation of the vulnerability could allow an attacker to perform a spoofing attack. The vulnerability in Mozilla Thunderbi...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird lies in the lack of proper warnings about dangerous actions, allowing attackers to upload arbitrary files.
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to insufficient warnings about dangerous actions. Exploiting these vulnerabilities allows a remote attacker to upload arbitrary files...
The vulnerability of Mozilla Thunderbird’s email client, related to insufficient warnings about dangerous actions, allows a hacker to execute a spamming attack.
The vulnerability of Mozilla Thunderbird’s email client is related to insufficient warnings about dangerous actions. Exploiting this vulnerability could allow a malicious actor to perform a spamming attack remotely...
The vulnerability of the SCADA system AVEVA Edge’s script creation function, related to insufficient warnings about dangerous actions, allows an attacker to execute arbitrary code.
The vulnerability of the SCADA system AVEVA Edge’s script creation function is related to insufficient warnings about dangerous actions. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the Mozilla Firefox browser, related to insufficient warnings about dangerous actions, allows a hacker to execute a spear-phishing attack.
The vulnerability of the Mozilla Firefox browser is related to insufficient warnings about dangerous actions. Exploiting this vulnerability allows a remote attacker to perform a spear-phishing attack...
The vulnerability of the Mozilla Firefox browser, related to insufficient warnings about dangerous actions, allows a hacker to carry out an attack using a spearphishing technique.
The vulnerability of the Mozilla Firefox browser is related to insufficient warnings about dangerous actions. Exploiting this vulnerability allows a remote attacker to carry out an attack using a spearphishing technique by replacing the user’s browser interface...
Zomato: Amazon S3 bucket misconfiguration (share)
Hi, Description I have discovered one of your Amazon S3 buckets and tested it via the AWS command line tool on Linux. It looks like permissions are not well configured and allow dangerous actions to everyone. The vulnerable bucket is: zomato-share PoC: aws s3 ls s3://zomato-share aws s3 cp test...
DSA-810-1 mozilla - several
Bulletin has no description...
security flaw
The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be...
CVE-2005-2260
The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be...
Qualcomm Eudora 6.0.16.1.1 - Attachment LaunchProtect Warning Bypass (2)
Qualcomm Eudora 6.0.16.1.1 - Attachment LaunchProtect Warning Bypass 2 source: https://www.securityfocus.com/bid/9101/info A problem has been identified in the implementation of LaunchProtect within Eudora. Because of this, it may be possible to trick users into performing dangerous actions. May...