EUVD-2026-30855
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" records with...
Astra Linux – Vulnerability in Firefox
Spoofing issue in the Site Permissions component. This vulnerability has been fixed in Firefox 143 and Thunderbird 143...
FreeBSD : Firefox -- Spoofing issue in the Site Permissions component (d09efc3b-b808-11f0-8016-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d09efc3b-b808-11f0-8016-b42e991fc52e advisory. https://bugzilla.mozilla.org/show_bug.cgi?id=1665334 reports: Spoofing issue in the Site Permissions...
SUSE CVE-2025-10534
Spoofing issue in the Site Permissions component. This vulnerability was fixed in Firefox 143 and Thunderbird 143...
CVE-2025-10534
Spoofing issue in the Site Permissions component. This vulnerability affects Firefox 143 and Thunderbird 143...
UBUNTU-CVE-2025-10534
Spoofing issue in the Site Permissions component. This vulnerability affects Firefox 143 and Thunderbird 143...
CVE-2025-10534
Spoofing issue in the Site Permissions component. This vulnerability was fixed in Firefox 143 and Thunderbird 143...
KLA88011 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof the user interface, bypass security restrictions, and obtain sensitive information. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerability i...
Firefox -- Spoofing issue in the Site Permissions component
https://bugzilla.mozilla.org/show_bug.cgi?id=1665334 reports: Spoofing issue in the Site Permissions component...
CVE-2024-52928
Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites with previously granted permissions to add new permissions when the user clicks anywhere on the website...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Menu.mustache template. An attacker can execute arbitrary HTML or JavaScript code in the context of the user's browser by editing system messages for menu headings that are inserted as raw HTML. This is...
How Just Visiting A Site Could Have Hacked Your iPhone or MacBook Camera
If you use an Apple iPhone or a MacBook, we have a piece of alarming news for you. Turns out merely visiting a website — not just malicious but also legitimate sites unknowingly loading malicious ads as well — using Safari browser could have let remote attackers secretly access your device's...
CVE-2019-5615
Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. Valid credentials are required to access these files and malicious user...
Command execution vulnerability in FrogCMS Pa***.php file
FrogCMS is an enterprise building system CMS based on PHP+Mysql architecture that can run on various server platforms such as Linux, Windows and so on. FrogCMS Pa.php file has a command execution vulnerability that can be exploited by an attacker to gain access to the site permissions and so on...
Command execution vulnerability in FrogCMS La***.php file
FrogCMS is an enterprise building system CMS based on PHP+Mysql architecture that can run on various server platforms such as Linux, Windows and so on. FrogCMS La.php file has a command execution vulnerability that can be exploited by an attacker to gain access to the site permissions and so on...
Command execution vulnerability in FrogCMS Sn***.php file
FrogCMS is an enterprise building system CMS based on PHP+Mysql architecture that can run on various server platforms such as Linux, Windows and so on. FrogCMS Sn.php file has a command execution vulnerability that can be exploited by an attacker to gain access to the site permissions and so on...
WordPress < 4.1.2 has an XSS vulnerability that an attacker can exploit to obtain site permissions - bug warning - the black bar safety net
tldr; mysql → special characters → truncation → input validation → output sanitisation → xss → time to update WordPress. MySQL truncation: the MySQL utf8 character set only supports characters of up to 3 bytes; if you insert a 4-byte character, the default configuration of MySQL will truncate the character...
VIIShop Online Store V1.3.0 fckeditor upload vulnerability - vulnerability warning - the black bar safety net
The VIIShop Online Store V1.3.0 Fckeditor upload vulnerability can be used to obtain site permissions. Test method: form id="frmUpload" enctype="multipart/form-data" action="http://www.hackqing.cn/include/fck2/editor/filemanager/upload/php/upload.php?Type=Media" method="post" Upload a new file:br input...
Cobalt Networks - Security Advisory - Frontpage
Cobalt Networks -- Security Advisory -- 5.25.2000 Problem: With the current installation of Frontpage on RaQ2 and RaQ3, the ability to write data to other websites hosted on the same RaQ. This is due to a permissioning issue with the 'httpd' user. Description: Thanks to Chris Adams...