32036 matches found
Apache NiFi - Information Disclosure
Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...
Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Meta
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wpcapabilities user meta that defines a user's role. During the registration...
CVE-2026-15771
CVE-2026-15771 affects Google Chrome on Windows prior to 150.0.7871.125. The vulnerability arises from insufficient validation of untrusted input in the Media component, allowing a remote attacker who has compromised the renderer process to potentially read sensitive information from process memo...
CVE-2026-4018
CVE-2026-4018 describes a TOCTOU race condition in specific trace commands of the TraceEvent() system call in the QNX Neutrino kernel, affecting versions of the QNX Software Development Platform and QNX OS for Safety. The vulnerability could allow a local attacker with PROCMGR_AID_TRACE privilege...
firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the Security: Process Sandboxing component...
firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure, sandbox escape in the Security: Process Sandboxing component...
firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure, sandbox escape in the Security: Process Sandboxing component...
NocoBase - VM Sandbox Escape to Remote Code Execution
NocoBase Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODULES env var. The console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via console.stdout and...
Malicious code in assertcoreutils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e53b085bfe045b4aeabe9ad77e1066ab0883f27304197377681191c3118b780 assertcoreutils impersonates the popular chai assertion library: the README, the chai keyword, the lib/chai/ directory layout, and lib/chai.js are...
MAL-2026-10442 Malicious code in @oliviamcdaniel12/safer-buffer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55129478b44191f3a4bb3308036567d5e2eb1a73084511b424917b6b5f7bf50f Package impersonates the popular safer-buffer module. On require, safer.js reads a PID from Porting-Buffer.md and, if that process is not alive, spaw...
Malicious code in @oliviamcdaniel12/safer-buffer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55129478b44191f3a4bb3308036567d5e2eb1a73084511b424917b6b5f7bf50f Package impersonates the popular safer-buffer module. On require, safer.js reads a PID from Porting-Buffer.md and, if that process is not alive, spaw...
firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure, sandbox escape in the Security: Process Sandboxing component...
firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure, sandbox escape in the Security: Process Sandboxing component...
firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the Security: Process Sandboxing component...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the Security: Process Sandboxing component...
firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure, sandbox escape in the Security: Process Sandboxing component...
firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the Security: Process Sandboxing component...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...
firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure, sandbox escape in the Security: Process Sandboxing component...