Astra Linux - уязвимость в firefox

Uploading files that contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox 115...

CVE-2019-12517

An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 for WordPress. The savequizscore functionality available via the /wp-admin/admin-ajax.php endpoint allows unauthenticated users to submit quiz solutions/answers, which are stored in the database and later shown in the WordPress...

WordPress Block For Mailchimp plugin server-side request forgery vulnerability

WordPress Block For Mailchimp plugin is a plugin designed for WordPress to integrate Mailchimp's email subscription feature into a website. The WordPress Block For Mailchimp plugin suffers from a server-side request forgery vulnerability that stems from the mcbSubmitFormData function not...

EUVD-2014-2303

Malware in sbrugna...

EUVD-2007-1181

Malware in sbrugna...

EUVD-2025-21048

Malicious code in bioql PyPI...

CVE-2025-53709

Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service only installed on a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily...

CVE-2025-53709

Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service only installed on a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily...

CVE-2025-53709 Access control issues impacting secure-upload service

Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service only installed on a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily...

PT-2025-29134 · Unknown · Secure-Upload

Name of the Vulnerable Software and Affected Versions: Secure-upload versions prior to 0.815.0 Description: Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service was installed on a limited number of environments. Privileged...

CVE-2023-37206

Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox 115...

CVE-2024-10860

The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to unauthorized submission of data due to a missing capability check on the submituninstallreasonaction function in all versions up to, and including, 2.19.0. This makes it possible for authenticated attackers,...

CVE-2024-10860

The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to unauthorized submission of data due to a missing capability check on the submituninstallreasonaction function in all versions up to, and including, 2.19.0. This makes it possible for authenticated attackers,...

WordPress plugin NextMove Lite 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter

GridField does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites. Amongst other default CMS interfaces, GridField is used for management of groups, users and permissions in the CMS...

CVE-2022-43712

POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965...

UBUNTU-CVE-2023-37206

Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox 115...

Mozilla Firefox 后置链接漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 115, which stems from insufficient validation of symbolic links in the file system API. An attacker could exploit the vulnerability t...

A trusted node has the ability to submit the ExchangeRate multiple times for a single reportingBlockNumber.

Lines of code Vulnerability details Impact In this code, a trusted node can submit data several times. The trusted node can submit ExchangeRateData and then it can submit different data again about same reportingBlockNumber. This will occur mess of staderOracle contract, so it will be needed to b...

DEBIAN-CVE-2022-38472

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird 102.2,...