10 matches found
CVE-2026-33548
Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, improper escaping of tag names retrieved from History in Timeline myviewpage.php allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has...
CVE-2025-14550 Potential denial-of-service vulnerability via repeated headers when using ASGI
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. ASGIRequest allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not...
PT-2025-74: Local Privilege Escalation (LPE) in Mozilla VPN
The vulnerability was identified in Mozilla VPN, versions 2.27.0 on MacOS. The discovered vulnerability allows an attacker to escalate privileges from a normal user to root. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 04.06.2025 Recommendations: Update to version...
CVE-2023-22846
creationtimestamp| type| source ---|---|--- 2023-04-20 22:30:55+00:00| seen| https://t.me/cibsecurity/62544...
CITSmart SQL Injection Vulnerability
CITSmart is an application from CITSmart Portugal. It provides all the processes for designing an organization. A SQL injection vulnerability exists in CITSmart versions prior to 9.1.2.28, which stems from the incorrect handling of "filtro de autocomplete...". No details of the vulnerability are...
CVE-2019-2696
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
UBUNTU-CVE-2019-2696
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
CVE-2019-2690
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualB...
USN-3887-1 snapd vulnerability
Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems wit...
UBUNTU-CVE-2017-7224
The findnearestline function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write of size 1 while disassembling a corrupt binary that contains an empty function name, leading to a program crash...