Lucene search

665 matches found

AlpineLinux
added 2025/03/04 2:15 p.m., 3 views

CVE-2025-27425

Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability affects Firefox for iOS 136...

CVSS 4.3, AI score 6.6, EPSS 0.00308
Exploits 0, References 2

NVD
added 2025/03/04 2:15 p.m., 6 views

CVE-2025-27425

Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136...

CVSS 4.3, EPSS 0.00308
Exploits 0, References 2

Cvelist
added 2025/03/04 1:31 p.m., 16 views

CVE-2025-27425 QR code user confirmation bypass with invalid protocol

Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136...

EPSS 0.00308
Exploits 0, References 2

CVE
added 2025/03/04 1:31 p.m., 69 views

CVE-2025-27425

Firefox for iOS before version 136 is vulnerable to QR-code URL handling where scanning text in a QR code could open the URL without a user confirmation alert. This affects Firefox for iOS builds prior to 136; Mozilla MFSA2025-13 indicates related URL-spoofing/redirect concerns. Remediation: upda...

CVSS 4.3, AI score 5.8, EPSS 0.00308
Exploits 0, References 2, Affected Software 1

Debian CVE
added 2025/03/04 1:31 p.m., 10 views

CVE-2025-27425

Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136...

CVSS 4.3, AI score 4.9, EPSS 0.00308
Exploits 0

Vulnrichment
added 2025/03/04 1:31 p.m., 8 views

CVE-2025-27425 QR code user confirmation bypass with invalid protocol

Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136...

AI score 5.8, EPSS 0.00308
Exploits 0, References 2

Malwarebytes
added 2025/03/03 8:19 a.m., 6 views

A week in security (February 24 – March 2)

Last week on Malwarebytes Labs: Millions of stalkerware users exposed again; PayPal’s "no-code checkout" abused by scammers; Countries and companies are fighting at the expense of our data privacy; Roblox called "real-life nightmare for children" as Roblox and Discord sued; Android happy to check you...

AI score 7.5
Exploits 0

Mozilla
added 2025/02/24 12:00 a.m., 14 views

Security Vulnerabilities fixed in Firefox for iOS 136 — Mozilla

Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. Scanning certain QR codes that included text with a website URL could...

CVSS 5.4, AI score 6.6, EPSS 0.00338
Exploits 0, References 3, Affected Software 1

Patchstack
added 2025/02/21 12:00 a.m., 2 views

WordPress QR Code for WooCommerce Plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin QR Code for WooCommerce versions <= 1.2.0...

CVSS 7.1, AI score 6.2, EPSS 0.00669
Exploits 0, Affected Software 1

Schneier on Security
added 2025/02/10 12:00 p.m., 10 views

Pairwise Authentication of Humans

Here's an easy system for two humans to remotely authenticate to each other, so they can be sure that neither are digital impersonations. To mitigate that risk, I have developed this simple solution where you can setup a unique time-based one-time passcode (TOTP) between any pair of persons. This i...

AI score 7.3
Exploits 0

RedhatCVE
added 2025/02/05 11:35 a.m., 4 views

CVE-2024-7027

The WooCommerce - PDF Vouchers plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.9.3. This is due to insufficient verification on the user being supplied during a QR code login through the plugin. This makes it possible for unauthenticated attackers t...

CVSS 7.3, AI score 7.2, EPSS 0.00195
Exploits 0, References 1

Ubuntu
added 2025/02/03 1:46 p.m., 12 views

USN-7247-1: OpenCV vulnerabilities

It was discovered that OpenCV did not properly manage certain XML data, leading to a NULL pointer dereference. If a user were tricked into loading a specially crafted file, a remote attacker could possibly use this issue to make OpenCV crash, resulting in a denial of service. This issue only...

CVSS 7.5, AI score 6.7, EPSS 0.00167
Exploits 2

OSV
added 2025/02/03 1:46 p.m., 5 views

USN-7247-1 opencv vulnerabilities

It was discovered that OpenCV did not properly manage certain XML data, leading to a NULL pointer dereference. If a user were tricked into loading a specially crafted file, a remote attacker could possibly use this issue to make OpenCV crash, resulting in a denial of service. This issue only...

CVSS 7.5, AI score 6.6, EPSS 0.00167
Exploits 2, References 6

Tenable Nessus
added 2025/02/03 12:00 a.m., 10 views

Ubuntu 18.04 LTS / 22.04 LTS : OpenCV vulnerabilities (USN-7247-1)

The remote Ubuntu 18.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7247-1 advisory. It was discovered that OpenCV did not properly manage certain XML data, leading to a NULL pointer dereference. If a user were tricked into...

CVSS 7.5, AI score 7, EPSS 0.00167
Exploits 2, References 6

OSV
added 2025/01/24 7:15 p.m., 1 view

CVE-2025-0705

A vulnerability has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this vulnerability is the function qrCode of the file src/main/java/io/github/controller/QrCodeController.java. The manipulation of the argument text lead...

CVSS 6.1, AI score 4.8, EPSS 0.00208
Exploits 0, References 5

CNNVD
added 2025/01/24 12:00 a.m., 4 views

bootplus resource management error vulnerability

bootplus is a privilege management framework by JoeyBling Personal Developer. A resource management error vulnerability exists in bootplus, which stems from the parameter w/h in the file src/main/java/io/github/controller/QrCodeController.java that causes resource consumption...

CVSS 6.9, AI score 5.6, EPSS 0.00143
Exploits 0, References 6

Malwarebytes
added 2025/01/17 4:25 p.m., 11 views

WhatsApp spear phishing campaign uses QR codes to add device

A cybercriminal campaign linked to Russia is deploying QR codes to access the WhatsApp accounts of high-profile targets like journalists, members of think tanks, and employees of non-governmental organizations (NGOs), according to new details revealed by Microsoft. The group, which Microsoft tracks...

AI score 7.2
Exploits 0

NVD
added 2025/01/16 9:15 p.m., 2 views

CVE-2025-23831

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mobstac QR Code Generator qrcode-wprhe allows DOM-Based XSS. This issue affects QR Code Generator: from n/a through <= 1.2.6...

CVSS 6.5, EPSS 0.00335
Exploits 0, References 1

Vulnrichment
added 2025/01/16 8:07 p.m., 6 views

CVE-2025-23864 WordPress WCS QR Code Generator plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Luke America WCS QR Code Generator wcs-qr-code-generator allows Stored XSS. This issue affects WCS QR Code Generator: from n/a through <= 1.0...

CVSS 6.5, AI score 7.2, EPSS 0.00335
Exploits 0, References 1

Cvelist
added 2025/01/16 8:07 p.m., 13 views

CVE-2025-23864 WordPress WCS QR Code Generator plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Luke America WCS QR Code Generator wcs-qr-code-generator allows Stored XSS. This issue affects WCS QR Code Generator: from n/a through <= 1.0...

CVSS 6.5, EPSS 0.00335
Exploits 0, References 1