18310 matches found
phpMyFAQ 安全漏洞
phpMyFAQ is a multilingual, database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.1 contained security vulnerabilities. These vulnerabilities stemmed from an exploit that allowed bypassing the SVG cleaner, potentially allowing execution of arbitrary JavaScript...
PT-2026-33152
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.101 Description An out of bounds write in the GPU allows a remote attacker who has compromised the GPU process to potentially perform a sandbox escape via a crafted HTML page. An out of bounds write...
SUSE SLED15: MozillaThunderbird / MozillaThunderbird-translations-common / etc (SUSE-SU-2026:1163-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1163-1 advisory. Update to Mozilla Thunderbird 140.9 MFSA 2026-24, bsc1260083: - CVE-2026-3889: Spoofing issue in...
phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding Leads to Stored XSS and Privilege Escalation
Summary The regex-based SVG sanitizer in phpMyFAQ SvgSanitizer.php can be bypassed using HTML entity encoding in javascript: URLs within SVG attributes. Any user with editfaq permission can upload a malicious SVG that executes arbitrary JavaScript when viewed, enabling privilege escalation from...
CVE-2026-5313
The CVE-2026-5313 issue affects the GIF Decoder in the stb_image.h header used by Nothings stb up to version 2.30. The vulnerability targets stbi__gif_load_next and can lead to denial of service. Remote exploitation is implied by the description; an exploit has been disclosed publicly. The CVSS m...
Improper Resource Shutdown or Release
Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the stbigifloadnext function. An attacker can cause the application to become unavailable by enticing a user to open a specially crafted GIF image. This is only exploitable if a user interacts...
USN-8143-1 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - GPU drivers; - BTRFS file system; - GFS2 file system; - UDF file system; - NFC subsystem; -...
freerdp: FreeRDP: Arbitrary code execution via heap buffer overflow in GDI surface pipeline
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap buffer overflow vulnerability by sending a specially crafted graphics command to a FreeRDP client. This allows the server to write data outside of its intended memory...
freerdp: FreeRDP: Arbitrary code execution via heap buffer overflow in GDI surface pipeline
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap buffer overflow vulnerability by sending a specially crafted graphics command to a FreeRDP client. This allows the server to write data outside of its intended memory...
freerdp: FreeRDP: Arbitrary code execution via heap buffer overflow in GDI surface pipeline
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap buffer overflow vulnerability by sending a specially crafted graphics command to a FreeRDP client. This allows the server to write data outside of its intended memory...
firefox: thunderbird: Incorrect boundary conditions in the Graphics component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics component...
firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Uninitialized memory in the Graphics: Canvas2D component...
firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics: Canvas2D component...
firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Race condition, use-after-free in the Graphics: WebRender component...
firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics: Canvas2D component...
firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Graphics component...
firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics: Text component...
firefox: thunderbird: Incorrect boundary conditions in the Graphics component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics component...
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 140.9 MFSA 2026-24, bsc1260083: CVE-2026-3889: Spoofing issue in Thunderbird CVE-2026-4371: Out of bounds read in IMAP parsing CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender...
SUSE-SU-2026:1163-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 140.9 MFSA 2026-24, bsc1260083: - CVE-2026-3889: Spoofing issue in Thunderbird - CVE-2026-4371: Out of bounds read in IMAP parsing - CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRende...