1742 matches found
RosarioSIS 6.7.2 - Cross-Site Scripting
RosarioSIS version 6.7.2 and earlier contains a reflected cross-site scripting XSS vulnerability in the Preferences module. The 'tab' parameter in Modules.php is not properly sanitized, allowing an attacker to inject arbitrary JavaScript code via a crafted URL. id: CVE-2020-15718 info: name:...
Oracle Linux 8 : firefox (ELSA-2026-21382)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-21382 advisory. 140.11.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079789 - diable wasisdk to prevent build failure with newer llvm 140.11.0 -...
thunderbird security update
140.10.1-1.0.1 - Fix prefs for new nss Orabug: 37079820 - Add Oracle prefs file 140.10.1 - Add OpenELA debranding 140.10.1-1 - Update to 140.10.1 ESR...
rgui-3.4.4-seh-bof-exploit
Exploração de Buffer Overflow SEH Overwrite no RGui 3.4.4...
CVE-2026-28988
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5, watchOS 26.5. An app may be able to bypass certain Privacy preferences...
CVE-2026-28988
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5, watchOS 26.5. An app may be able to bypass certain Privacy preferences...
CVE-2026-28988
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5, watchOS 26.5. An app may be able to bypass certain Privacy preferences...
CVE-2026-28988
CVE-2026-28988 describes a permissions issue where an app may bypass certain Privacy preferences. The vulnerability is addressed in Apple security updates: iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5, and watchOS 26.5. The connected advisories (NCSC-2026-0138/0139 and Apple security no...
CVE-2026-28988
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5, watchOS 26.5. An app may be able to bypass certain Privacy preferences...
thunderbird security update
140.10.0-1.0.1 - Fix prefs for new nss Orabug: 37079813 - Add Oracle prefs 140.10.0 - Add OpenELA debranding 140.10.0-1 - Update to 140.10.0 ESR...
CVE-2026-41663
Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module database backup, test email, htaccess generation fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GE...
CVE-2026-41663
Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module database backup, test email, htaccess generation fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GE...
CVE-2026-41663
Admidio has a CSRF flaw (CVE-2026-41663) affecting versions prior to 5.0.9. The vulnerability lies in the preferences module where backup, test_email, and htaccess operations are executed via GET requests without CSRF validation, allowing exploitation via SameSite=Lax cookies to trigger actions o...
EUVD-2026-28278
Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module database backup, test email, htaccess generation fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GE...
CVE-2026-41663 Admidio: CSRF on Admin Preferences Triggers Unauthorized Backup, .htaccess Write, and Email Send
Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module database backup, test email, htaccess generation fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GE...
Oracle Linux 8 : thunderbird (ELSA-2026-13537)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-13537 advisory. 140.10.0-1.0.1 - Fix prefs for new nss Orabug: 37079820 - Add Oracle prefs file 140.10.0 - Add OpenELA debranding 140.10.0-1 - Update to 140.10.0 ESR...
thunderbird security update
140.10.0-1.0.1 - Fix prefs for new nss Orabug: 37079820 - Add Oracle prefs file 140.10.0 - Add OpenELA debranding 140.10.0-1 - Update to 140.10.0 ESR...
CVE-2026-6538
A flaw was found in Wireshark. A remote attacker could exploit a crash in the BEEP Blocks Extensible Exchange Protocol dissector by crafting a malicious BEEP packet. This vulnerability leads to a Denial of Service DoS, causing Wireshark to become unresponsive. Mitigation To mitigate this issue,...
thunderbird security update
140.10.0-1.0.1 - Add Oracle prefs 140.10.0-1 - Update to 140.10.0 ESR...
GHSA-RW74-VC9H-534J Admidio has CSRF on Admin Preferences that Triggers Unauthorized Backup, .htaccess Write, and Email Send
Summary Several administrative operations in Admidio's preferences module database backup, test email, htaccess generation fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GET navigations, an attacker forces an authenticated admin to trigger...