firefox: thunderbird: Mitigation bypass in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Core & HTML component...

ALSA-2025:21843 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefox: Incorrect boundary conditions in the JavaScript: WebAssembly compone...

firefox: thunderbird: Mitigation bypass in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Core & HTML component...

SUSE CVE-2025-13013

Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5...

CVE-2025-13013

Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5...

CVE-2025-13013

Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5...

EUVD-2022-52075

Malicious code in bioql PyPI...

EUVD-2022-52074

Malicious code in bioql PyPI...

CVE-2025-29306

An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component...

CVE-2025-26206

Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component...

CVE-2025-26206

CVE-2025-26206 concerns a Cross-Site Request Forgery (CSRF) vulnerability in Sell Done Storefront v1.0. The issue stems from the absence of anti-CSRF protections in the web application, allowing a remote attacker to induce privileged actions via the index.html component. Affected code is identifi...

CVE-2022-4779

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected...

PT-2025-18234 · Google +2 · Google Chrome +2

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 136.0.7103.59 Description: The issue is related to a heap buffer overflow in the HTML component of Google Chrome, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML...

YznCMS 安全漏洞

YznCMS is a backend development framework. A cross-site scripting vulnerability exists in YznCMS version 1.4.2, which stems from the lack of effective filtering and escaping of user-supplied data in the component /index/index.html, and can be exploited by an attacker to execute arbitrary Web scri...

Microsoft Edge 安全漏洞

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A memory corruption vulnerability exists in Microsoft Edge HTML-based, which can be exploited by an attacker to execute arbitrary code on a system...

Emby Media Server Cross-Site Scripting Vulnerability

Emby Media Server is a personal media server software for organizing, managing and sharing multimedia content such as music, movies, TV shows and more. Emby Media Server suffers from a cross-site scripting vulnerability that can be exploited to elevate privileges via the notifications.html...

CVE-2022-4778

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using StreamView HTML component with the public web server feature activated ar...

Path traversal

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using StreamView HTML component with the public web server feature activated ar...

CVE-2022-4779 authentication bypass in elvexys StreamX using StreamView HTML component with public web server feature

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected...

CVE-2022-4778 path traversal in elvexys StreamX using StreamView HTML component with public web server feature

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using StreamView HTML component with the public web server feature activated ar...