
18310 matches found

CNNVD
added 2026/04/02 12:0 a.m., 14 views

phpMyFAQ Security Vulnerability

phpMyFAQ is a multilingual, database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.1 contained security vulnerabilities. These vulnerabilities stemmed from an exploit that allowed bypassing the SVG cleaner, potentially allowing execution of arbitrary JavaScript...

CVSS 5.4, AI score 6.1, EPSS 0.00176
Exploits 1, References 2

Positive Technologies
added 2026/04/02 12:0 a.m., 6 views

PT-2026-33152

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.101 Description An out of bounds write in the GPU allows a remote attacker who has compromised the GPU process to potentially perform a sandbox escape via a crafted HTML page. An out of bounds write...

CVSS 9.6, AI score 5.8, EPSS 0.00372
Exploits 0, References 39

Tenable Nessus
added 2026/04/02 12:0 a.m., 4 views

SUSE SLED15: MozillaThunderbird / MozillaThunderbird-translations-common / etc (SUSE-SU-2026:1163-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1163-1 advisory. Update to Mozilla Thunderbird 140.9 MFSA 2026-24, bsc1260083: - CVE-2026-3889: Spoofing issue in...

CVSS 10, AI score 6.5, EPSS 0.01279
Exploits 1, References 82

Github Security Blog
added 2026/04/01 11:42 p.m., 7 views

phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding Leads to Stored XSS and Privilege Escalation

Summary The regex-based SVG sanitizer in phpMyFAQ SvgSanitizer.php can be bypassed using HTML entity encoding in javascript: URLs within SVG attributes. Any user with editfaq permission can upload a malicious SVG that executes arbitrary JavaScript when viewed, enabling privilege escalation from...

CVSS 5.4, AI score 6.1, EPSS 0.00176
Exploits 1, References 4, Affected Software 1

CVE
added 2026/04/01 9:30 p.m., 16 views

CVE-2026-5313

The CVE-2026-5313 issue affects the GIF Decoder in the stb_image.h header used by Nothings stb up to version 2.30. The vulnerability targets stbi__gif_load_next and can lead to denial of service. Remote exploitation is implied by the description; an exploit has been disclosed publicly. The CVSS m...

CVSS 5.3, AI score 5.4, EPSS 0.00286
Exploits 0, References 3

Snyk
added 2026/04/01 9:30 p.m., 3 views

Improper Resource Shutdown or Release

Overview: Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the stbi__gif_load_next function. An attacker can cause the application to become unavailable by enticing a user to open a specially crafted GIF image. This is only exploitable if a user interacts...

CVSS 5.3, AI score 5.9, EPSS 0.00286
Exploits 0, References 2

OSV
added 2026/04/01 9:15 p.m., 7 views

USN-8143-1 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - GPU drivers; - BTRFS file system; - GFS2 file system; - UDF file system; - NFC subsystem; -...

CVSS 7.8, AI score 6.7, EPSS 0.00271
Exploits 0, References 8

RedHat Linux
added 2026/04/01 4:28 p.m., 4 views

freerdp: FreeRDP: Arbitrary code execution via heap buffer overflow in GDI surface pipeline

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP). A malicious RDP server can exploit a heap buffer overflow vulnerability by sending a specially crafted graphics command to a FreeRDP client. This allows the server to write data outside of its intended memory...

CVSS 8.8, AI score 6.6, EPSS 0.00537
Exploits 1, References 6

RedHat Linux
added 2026/04/01 4:24 p.m., 5 views

freerdp: FreeRDP: Arbitrary code execution via heap buffer overflow in GDI surface pipeline

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP). A malicious RDP server can exploit a heap buffer overflow vulnerability by sending a specially crafted graphics command to a FreeRDP client. This allows the server to write data outside of its intended memory...

CVSS 8.8, AI score 6.6, EPSS 0.00537
Exploits 1, References 6

RedHat Linux
added 2026/04/01 3:1 p.m., 4 views

freerdp: FreeRDP: Arbitrary code execution via heap buffer overflow in GDI surface pipeline

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP). A malicious RDP server can exploit a heap buffer overflow vulnerability by sending a specially crafted graphics command to a FreeRDP client. This allows the server to write data outside of its intended memory...

CVSS 8.8, AI score 6.6, EPSS 0.00537
Exploits 1, References 6

RedHat Linux
added 2026/04/01 9:40 a.m., 8 views

firefox: thunderbird: Incorrect boundary conditions in the Graphics component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics component...

CVSS 7.5, AI score 7.1, EPSS 0.00433
Exploits 0, References 6

RedHat Linux
added 2026/04/01 9:40 a.m., 6 views

firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Uninitialized memory in the Graphics: Canvas2D component...

CVSS 9.1, AI score 7.1, EPSS 0.0043
Exploits 0, References 6

RedHat Linux
added 2026/04/01 9:40 a.m., 5 views

firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics: Canvas2D component...

CVSS 7.5, AI score 7.1, EPSS 0.00452
Exploits 0, References 6

RedHat Linux
added 2026/04/01 9:40 a.m., 4 views

firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Race condition, use-after-free in the Graphics: WebRender component...

CVSS 7.5, AI score 7.1, EPSS 0.00352
Exploits 0, References 6

RedHat Linux
added 2026/04/01 9:40 a.m., 6 views

firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics: Canvas2D component...

CVSS 7.5, AI score 7.1, EPSS 0.00577
Exploits 0, References 6

RedHat Linux
added 2026/04/01 9:40 a.m., 5 views

firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Graphics component...

CVSS 7.5, AI score 7.1, EPSS 0.00772
Exploits 0, References 6

RedHat Linux
added 2026/04/01 9:40 a.m., 3 views

firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics: Text component...

CVSS 7.5, AI score 7.1, EPSS 0.00433
Exploits 0, References 6

RedHat Linux
added 2026/04/01 9:40 a.m., 6 views

firefox: thunderbird: Incorrect boundary conditions in the Graphics component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics component...

CVSS 7.5, AI score 7.1, EPSS 0.00433
Exploits 0, References 6

SUSE Linux
added 2026/04/01 8:49 a.m., 3 views

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 140.9 MFSA 2026-24, bsc1260083: CVE-2026-3889: Spoofing issue in Thunderbird CVE-2026-4371: Out of bounds read in IMAP parsing CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender...

CVSS 8.8, AI score 6.4, EPSS 0.01279
Exploits 1, References 82

OSV
added 2026/04/01 8:49 a.m., 1 views

SUSE-SU-2026:1163-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 140.9 MFSA 2026-24, bsc1260083: - CVE-2026-3889: Spoofing issue in Thunderbird - CVE-2026-4371: Out of bounds read in IMAP parsing - CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRende...

CVSS 10, AI score 6.4, EPSS 0.01279
Exploits 1, References 42