
16 matches found

RedhatCVE
added 2025/05/23 9:45 a.m. · 4 views

CVE-2024-25148

In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the doAsUserId URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user...

CVSS 8.1 · AI score 6.5 · EPSS 0.00433
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 3:30 a.m. · 3 views

CVE-2024-45290

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file contents, if the provided...

CVSS 7.7 · AI score 6.5 · EPSS 0.00305
Exploits: 1 · References: 1

NVD
added 2024/10/24 5:15 p.m. · 9 views

CVE-2024-48548

The APK file in Cloud Smart Lock v2.0.1 has a leaked URL that can call an API for binding physical devices. This vulnerability allows attackers to arbitrarily construct a request to use the app to bind to unknown devices by finding a valid serial number via a brute-force attack...

CVSS 9.3 · EPSS 0.00057
Exploits: 0 · References: 2

CNNVD
added 2024/10/24 12:0 a.m. · 2 views

WeHere Cloud Smart Lock security vulnerability

WeHere Cloud Smart Lock is a smart door lock application from WeHere. A security vulnerability exists in WeHere Cloud Smart Lock version v2.0.1, which stems from an APK file that leaks a URL that can be used to call the Bind to Physical Device API, allowing an attacker to brute-force find a valid...

CVSS 9.3 · AI score 6.7 · EPSS 0.00057
Exploits: 0 · References: 2

SUSE CVE
added 2023/02/15 4:32 a.m. · 3 views

SUSE CVE-2018-5108

A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is...

CVSS 4.3 · AI score 8.2 · EPSS 0.00304
Exploits: 0 · References: 4

CNNVD
added 2022/07/08 12:0 a.m. · 4 views

Burp Suite input validation error vulnerability

PortSwigger Burp Suite is a packet-capturing proxy application from PortSwigger UK. A security vulnerability exists in Burp Suite versions prior to 2022.6, which stems from a URL leak...

CVSS 4.3 · AI score 5.1 · EPSS 0.00256
Exploits: 0 · References: 2

Positive Technologies
added 2022/06/13 12:0 a.m. · 3 views

PT-2022-13992 · WordPress · Hc Custom Wp-Admin Url

Name of the Vulnerable Software and Affected Versions: HC Custom WP-Admin URL WordPress plugin versions 1.4 and earlier Description: The issue allows the secret login URL to be leaked when a specific crafted request is sent. Recommendations: For HC Custom WP-Admin URL WordPress plugin versions 1....

CVSS 5.3 · AI score 5.1 · EPSS 0.28084
Exploits: 2 · References: 5

OSV
added 2022/01/25 12:59 p.m. · 4 views

SUSE-SU-2022:14880-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - CVE-2021-4140: Fixed iframe sandbox bypass with XSLT bsc1194547. - CVE-2022-22737: Fixed race condition when playing audio files bsc1194547. - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur bsc1194547. - CVE-2022-22739:...

CVSS 10 · AI score 8.2 · EPSS 0.00609
Exploits: 6 · References: 16

OSV
added 2022/01/20 11:30 a.m. · 5 views

SUSE-SU-2022:0137-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - CVE-2021-4140: Fixed iframe sandbox bypass with XSLT bsc1194547. - CVE-2022-22737: Fixed race condition when playing audio files bsc1194547. - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur bsc1194547. - CVE-2022-22739:...

CVSS 10 · AI score 8.2 · EPSS 0.00609
Exploits: 6 · References: 16

OSV
added 2021/04/05 7:15 p.m. · 1 views

CVE-2021-24164

In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connecti...

CVSS 4.3 · AI score 5.8 · EPSS 0.00168
Exploits: 2 · References: 2

Tenable Nessus
added 2018/02/28 12:0 a.m. · 43 views

FreeBSD : chromium -- multiple vulnerabilities (8e986b2b-1baa-11e8-a944-54ee754af08e)

Google Chrome Releases reports : Several security fixes in this release, including : - 780450 High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01 - 787103 High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu @shhnjk on 2017-11-20 - 793620...

CVSS 8.8 · AI score 6.8 · EPSS 0.01484
Exploits: 0 · References: 26

OpenVAS
added 2018/01/25 12:0 a.m. · 35 views

Google Chrome Security Updates (stable-channel-update-for-desktop_24-2018-01) - Windows

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

CVSS 8.8 · AI score 7.9 · EPSS 0.01484
Exploits: 0 · References: 1

OSV
added 2017/12/07 2:30 p.m. · 6 views

SUSE-SU-2017:3233-1 Security update for MozillaFirefox

This update for MozillaFirefox ESR 52.5 fixes the following issues: Security issues fixed: - CVE-2017-7826: Memory safety bugs fixed bsc1068101. - CVE-2017-7828: Use-after-free of PressShell while restyling layout bsc1068101. - CVE-2017-7830: Cross-origin URL information leak through Resource...

CVSS 10 · AI score 8.6 · EPSS 0.28905
Exploits: 0 · References: 5

OSV
added 2017/12/05 4:37 p.m. · 4 views

SUSE-SU-2017:3213-1 Security update for MozillaFirefox

This update for MozillaFirefox ESR 52.5 fixes the following issues: Security issues fixed: - CVE-2017-7826: Memory safety bugs fixed bsc1068101. - CVE-2017-7828: Use-after-free of PressShell while restyling layout bsc1068101. - CVE-2017-7830: Cross-origin URL information leak through Resource...

CVSS 10 · AI score 8.6 · EPSS 0.28905
Exploits: 0 · References: 5

OSV
added 2016/07/22 2:59 a.m. · 1 views

CVE-2016-4603

Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior...

CVSS 4.3 · AI score 7.3 · EPSS 0.003
Exploits: 0 · References: 4

OSV
added 2015/09/22 12:0 a.m. · 0 views

UBUNTU-CVE-2015-4519

Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element...

CVSS 4.3 · AI score 7.4 · EPSS 0.00436
Exploits: 0 · References: 5