106610 matches found
Astra Linux - уязвимость в firefox
Because Firefox did not implement the unsafe-hashes CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy might have been able to inject executable scripts. This would be severely restricted by the specified Content Security Policy o...
Astra Linux - уязвимость в thunderbird
When a worker is shut down, it was possible for the script to run late in the lifecycle, at a time when it should not be possible. This vulnerability affects Firefox 96, Thunderbird 91.6, and Firefox ESR 91.6...
Astra Linux - уязвимость в chromium
Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: Medium...
Astra Linux - уязвимость в libreoffice
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint servers. An additional scheme ‘vnd.libreoffice.command’ specific to LibreOffice was added. In the affected versions of LibreOffice, links using this scheme could be used to invoke internal macr...
Astra Linux - уязвимость в chromium
Insufficient validation of untrusted input in the Settings section of Google Chrome before version 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page through a crafted HTML page...
Astra Linux - уязвимость в chromium
Insufficient data validation in the New Tab Page of Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML into a new browser tab through a crafted HTML page...
Astra Linux - уязвимость в chromium
Insufficient data validation in the Browser Switcher component of Google Chrome prior to version 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. Chromium security severity: Medium...
Astra Linux - уязвимость в firefox, thunderbird
Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11...
CVE-2026-5075
The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wplocalizescript in post editor contexts without effective masking for...
CVE-2026-5075
The CVE-2026-5075 affects the WordPress plugin All in One SEO Pack (All in One SEO) up to version 4.9.7. The vulnerability is a Sensitive Information Exposure due to internalOptions data being passed to wp_localize_script() in post editor contexts without effective masking. This allows authentica...
CVE-2026-5075 All in One SEO <= 4.9.7 - Authenticated (Contributor+) Sensitive Information Exposure via 'internalOptions' Localized Script Data
The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wplocalizescript in post editor contexts without effective masking for...
EUVD-2026-31059
The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wplocalizescript in post editor contexts without effective masking for...
CVE-2026-5075
The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wplocalizescript in post editor contexts without effective masking for...
Malicious code in python-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b94c01fae325c5f5e92abd5da03527c54e22bb48202b1dc8b3e2c64947753b2 package.json declares "preinstall": "./dist/typecheck.js". The referenced file is not JavaScript — it is a 5,224,556-byte Linux x86 ELF executable...
Malicious code in vestibulect (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82da0f0bb40f42e69defbea694db093f2ad880c8c094508f61e2d7fe58550e2e package.json declares a postinstall hook "postinstall": "node install.js" which executes install.js automatically on npm install. install.js imports ...
CVE-2026-8420
The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...
CVE-2026-8038
The Faces of Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in the 'facesofusers' shortcode in all versions up to, and including, 0.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2026-6549
The Logo Manager For Enamad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute of the vcenamadnamad, vcenamadshamed, and vcenamadcustom shortcodes in all versions up to, and including, 0.7.4 due to insufficient input sanitization and output escaping on use...
Malicious code in color-style-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47cf4aaa2cd7a20b222a1a4150a7b9e1f79d9b0a09c8fe4a5689e55bad9bc087 On npm install, all three lifecycle hooks preinstall, install, postinstall execute postinstall.js, which harvests installer secrets and exfiltrates...
Malicious code in @flipbit2-bb/test-auth-state (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52ba26e89d1aca1f10772bf4cc8c9b23a436a39a8442fdf4ba9abf6c4c890e63 On npm install, a postinstall script phone-home.js collects os.hostname, os.userInfo.username, process.platform + os.release, a timestamp, and a...