SUSE CVE-2025-4086
A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected. This vulnerability was fixed in Firefox 138...
CVE-2025-4086
A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected. This vulnerability was fixed in Firefox 138...
CVE-2025-4086
A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected. This vulnerability affects Firefox 138 and...
UBUNTU-CVE-2025-4086
A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox 138 and Thunderbir...
CVE-2025-4086 Specially crafted filename could be used to obscure download type
A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected. This vulnerability was fixed in Firefox 138...
CVE-2025-4086
CVE-2025-4086 affects Thunderbird for Android and Firefox/Thunderbird versions earlier than 138. The issue is triggered by a filename containing a large number of encoded newline characters that can obscure the file extension in the download dialog, potentially misleading users about the downloa...
CVE-2025-43861 ManageWiki Vulnerable to Self-XSS in review dialog via unsanitized field reflection
ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the "Review Changes"...
CVE-2025-43861
ManageWiki (a MediaWiki extension) is affected by a self‑XSS vulnerability in the review changes dialog. Before commit 2f177dc, an authenticated user can alter a form field to inject a payload, which is then executed when the user opens the Review Changes dialog. The issue has been patched in com...
PT-2025-17856 · Mediawiki · Managewiki
Name of the Vulnerable Software and Affected Versions: ManageWiki versions prior to commit 2f177dc Description: The issue concerns a reflected or stored XSS vulnerability in the review dialog of ManageWiki, a MediaWiki extension. An attacker with a logged-in session can exploit this by modifying ...
Malicious code in @sporta-technology/d11-web-components.dialog (npm)
--- -= Per source details. Do not edit below this line.=-...
nginx:1.22 security update
1.22.1-8.0.1.1 - Reference oracle-indexhtml within Requires Orabug: 33802044 - Remove Red Hat references Orabug: 29498217 1:1.22.1-8.1 - Resolves: RHEL-84486 - nginx:1.22/nginx: specially crafted MP4 file may cause denial of service CVE-2024-7347 1:1.22.1-8 - Resolves: RHEL-49349 - nginx worker...
Splunk Cloud Platform and Splunk Enterprise input validation error vulnerability
Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service. Splunk Enterprise is a suite of data collection and analytics software. An input validation error vulnerability exists...
CyberArk Endpoint Privilege Manager security vulnerability
CyberArk Endpoint Privilege Manager is a privilege management software from the Israeli company CyberArk. The software includes features such as privilege management, application control and credential loss protection. A security vulnerability exists in CyberArk Endpoint Privilege Manager version...
USN-7258-1 ckeditor vulnerabilities
Kevin Backhouse discovered that CKEditor did not properly sanitize HTML content. An attacker could possibly use this issue to perform cross site scripting and obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS...
ASB-A-281665050
In createDatasetItems of DialogFillUi.java, there is a possible way to view another user's image. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-52887 - Self-XSS vulnerability in Mobile Access Native Applications 'favorites' dialog
Symptoms - The Mobile Access portal is vulnerable to a stored, self-XSS attack. An authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list. So far today, no attack with actual impact is known. - This issue...
PT-2025-4816 · Brave · Brave Browser
Name of the Vulnerable Software and Affected Versions: Brave Browser versions 1.70.x through 1.73.x Description: The issue arises from a feature that displays a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However, the origin is...
Brave Browser input validation error vulnerability
Brave Browser is a fast, private and secure web browser for PC, Mac and mobile devices from Brave, Inc. An input validation error vulnerability exists in Brave Browser versions 1.70.x through 1.73.x. The vulnerability stems from the source of a site not being correctly identified in the file...
Malicious code in self-qualification-dialog-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b4a2fa187ce4ea9cd50008e9f7fd8e2486ba13b990e3111ced9bcd9a762e5cdd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...