1271 matches found

RedHat Linux
added 2026/02/09 2:5 a.m. | 2 views

firefox: thunderbird: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00261
Exploits: 0 | References: 6

CNNVD
added 2026/02/09 12:0 a.m. | 3 views

FileRise security vulnerability

FileRise is a lightweight, self-hosted web-based file manager developed by Ryan as an individual developer. Versions of FileRise prior to 3.3.0 contained security vulnerabilities, which were caused by HTML injection, potentially allowing modifications to the DOM or redirecting users...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00203
Exploits: 1 | References: 5

Vulnrichment
added 2026/02/06 8:58 p.m. | 4 views

CVE-2026-25581 SCEditor affected by DOM XSS via emoticon URL/HTML injection

SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. Prior to 3.2.1, if an attacker has the ability to control configuration options passed to sceditor.create, like emoticons, charset, etc., then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration option...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00216
Exploits: 1 | References: 2

Cvelist
added 2026/02/06 8:58 p.m. | 27 views

CVE-2026-25581 SCEditor affected by DOM XSS via emoticon URL/HTML injection

SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. Prior to 3.2.1, if an attacker has the ability to control configuration options passed to sceditor.create, like emoticons, charset, etc., then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration option...

CVSS: 5.4 | EPSS: 0.00216
Exploits: 1 | References: 2

Veracode
added 2026/02/06 10:13 a.m. | 7 views

Reflected DOM-based Cross-Site Scripting (XSS)

gi-docgen is vulnerable to reflected DOM-based Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of user-supplied input in the q GET parameter, which allows an attacker to exploit it via a crafted URL to execute arbitrary JavaScript in the victim’s browser...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00337
Exploits: 0 | References: 5 | Affected Software: 1

RedHat Linux
added 2026/02/05 10:53 a.m. | 3 views

firefox: thunderbird: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00261
Exploits: 0 | References: 6

RedHat Linux
added 2026/02/05 10:53 a.m. | 2 views

firefox: thunderbird: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

CVSS: 8.1 | AI score: 5.7 | EPSS: 0.00312
Exploits: 0 | References: 6

RedHat Linux
added 2026/02/05 10:46 a.m. | 2 views

firefox: thunderbird: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00261
Exploits: 0 | References: 6

RedHat Linux
added 2026/02/05 10:39 a.m. | 1 views

firefox: thunderbird: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00261
Exploits: 0 | References: 6

RedHat Linux
added 2026/02/05 9:43 a.m. | 1 views

firefox: thunderbird: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00261
Exploits: 0 | References: 6

RedHat Linux
added 2026/02/05 9:31 a.m. | 1 views

firefox: thunderbird: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

CVSS: 8.1 | AI score: 5.7 | EPSS: 0.00312
Exploits: 0 | References: 6

RedHat Linux
added 2026/02/05 9:15 a.m. | 1 views

firefox: thunderbird: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

CVSS: 8.1 | AI score: 5.7 | EPSS: 0.00312
Exploits: 0 | References: 6

Rockylinux
added 2026/02/05 9:10 a.m. | 7 views

python3.9 security update

An update is available for python3.9. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Python is an interpreted, interactive, object-oriented programming language...

CVSS: 6.3 | AI score: 5.3 | EPSS: 0.00696
Exploits: 0

RedHat Linux
added 2026/02/05 8:47 a.m. | 3 views

firefox: thunderbird: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00261
Exploits: 0 | References: 6

RedHat Linux
added 2026/02/04 7:51 p.m. | 5 views

Moderate: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.01468
Exploits: 0 | References: 3

RedHat Linux
added 2026/02/04 7:51 p.m. | 2 views

cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service

A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in xml.dom.minidom methods, such as appendChild, when building excessively nested documents due to a dependency on clearidcache...

CVSS: 6.3 | AI score: 5.8 | EPSS: 0.00696
Exploits: 0 | References: 6

RedHat Linux
added 2026/02/03 3:42 p.m. | 1 views

cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service

A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in xml.dom.minidom methods, such as appendChild, when building excessively nested documents due to a dependency on clearidcache...

CVSS: 6.3 | AI score: 5.8 | EPSS: 0.00696
Exploits: 0 | References: 6

ATTACKERKB
added 2026/02/03 2:8 p.m. | 2 views

CVE-2026-24958

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS. This issue affects JetElements For Elementor: from n/a through <= 2.7.12.2...

AI score: 5.3 | EPSS: 0.00161
Exploits: 0 | References: 2

Redos
added 2026/01/29 12:0 a.m. | 5 views

ROS-20260129-73-0053

A vulnerability in the Notification interface of Mozilla Firefox, Firefox ESR and Thunderbird email client is related to an operation exceeding buffer boundaries in memory when processing DOM objects. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his...

CVSS: 8.8 | AI score: 6 | EPSS: 0.00344
Exploits: 0

Cvelist
added 2026/01/28 4:41 p.m. | 26 views

CVE-2025-13919 Component Object Model (COM) Hijacking in Symantec Endpoint Protection Windows Client

Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry...

CVSS: 4.4 | EPSS: 0.0013
Exploits: 0 | References: 1