21 matches found
FastNetMon 安全漏洞
FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov. It is built using multiple packet capture engines. Versions of FastNetMon Community Edition prior to 1.2.9 contained security vulnerabilities. These vulnerabilities stemmed from the use of predictable file paths an...
CVE-2026-43899 DeepChat: Incomplete Fix for CVE-2025-55733 leads to Remote Code Execution via Markdown Links bypassing `isValidExternalUrl`
DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, An incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerable to an arbitrary protocol execution bypass RCE. While the patch correctly restricted...
PT-2026-25021
Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe safe.ts uses String.includes, which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but 'DATA:...'.includes'data...
EUVD-2021-24227
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-37746
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - textviewurisecuritycheck in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click...
CVE-2024-48908
lychee link checking action checks links in Markdown, HTML, and text files using lychee. Prior to version 2.0.2, there is a potential attack of arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. This issue has been patched in version 2.0.2...
Contao 安全漏洞
Contao is an open source content management system CMS developed in PHP. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 4.x prior to version 4.13.40 and version 5.x prior to version 5.3.4, which stems from a cookie mark...
RHEL 8 : pesign (RHSA-2023:1829)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:1829 advisory. The pesign packages provide the pesign utility for signing UEFI binaries as well as other associated tools. Security Fixes: pesign: Local privilege...
SUSE CVE-2021-37746
textviewurisecuritycheck in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click...
Privilege Escalation
claws-mail is vulnerable to privilege escalation. The vulnerability exists due to the lack of link checks before accepting a click in textviewurisecuritycheck in textview.c...
Trend Micro Security 后置链接漏洞
Trend Micro Security is a suite of computer security software from Trend Micro, Inc. A back-linking vulnerability exists in Trend Micro Security Consumer, which stems from the product's failure to properly check for symbolic links to think-only directories. An attacker could exploit the...
Updated sylpheed and claws-mail packages fix security vulnerability
Updated sylpheed and claws-mail packages fix security vulnerability: The textviewurisecuritycheck function in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click CVE-2021-37746...
MGASA-2021-0408 Updated sylpheed and claws-mail packages fix security vulnerability
Updated sylpheed and claws-mail packages fix security vulnerability: The textviewurisecuritycheck function in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click CVE-2021-37746...
Code injection
textviewurisecuritycheck in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click...
CVE-2021-37746
textviewurisecuritycheck in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click...
CVE-2021-37746
textviewurisecuritycheck in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click...
CVE-2021-37746
textviewurisecuritycheck in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click...
PT-2021-21858 · Sylpheed +3 · Sylpheed +3
Name of the Vulnerable Software and Affected Versions: Claws Mail versions prior to 3.18.0 Sylpheed versions prior to 3.7.1 Description: The issue is related to insufficient link checks in the textview uri security check function in textview.c before accepting a click. This could potentially lead...
rpm 后置链接漏洞
rpm is a powerful command-line driven package management tool used to install, uninstall, verify, query, and update packages on Linux systems. A security vulnerability exists in rpm that stems from not performing unsafe symbolic link checks on intermediate directories. An attacker exploiting this...
Hackers Using Zero-Width Spaces to Bypass MS Office 365 Protection
Security researchers have been warning about a simple technique that cybercriminals and email scammers are already being using in the wild to bypass security features of Microsoft Office 365, including Safe Links, which are originally designed to protect users from malware and phishing attacks...