CVE-2026-8706

Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0...

EUVD-2026-30943

Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0...

Security Vulnerabilities fixed in Firefox for iOS 151.0 — Mozilla

Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies...

PT-2026-41948

Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0...

CPython security vulnerabilities

CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has security vulnerabilities, which stem from user-controlled cookie values and parameters that may lead to HTTP header injection...

EUVD-2020-28018

Malware in sbrugna...

EUVD-2020-17568

Malware in sbrugna...

EUVD-2019-5710

Malware in sbrugna...

EUVD-2008-1295

Malware in sbrugna...

EUVD-2007-3405

Malware in sbrugna...

EUVD-2024-39121

Malicious code in bioql PyPI...

EUVD-2021-28758

Malicious code in bioql PyPI...

EUVD-2022-46348

Malicious code in bioql PyPI...

CVE-2023-27293

Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used to steal other users’ cooki...

CVE-2022-43308

INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies...

CVE-2022-23637

K-Box is a web-based application to manage documents, images, videos and geodata. Prior to version 0.33.1, a stored Cross-Site-Scripting XSS vulnerability is present in the markdown editor used by the document abstract and markdown file preview. A specifically crafted anchor link can, if clicked,...

CVE-2019-14549

An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed inside the title and breadcrumb of a newly formed entity available to all the users. A malicious user can inject JavaScript in these values of an entity, thus stealing user cookies when someone visits the publicly accessible...

CVE-2013-3605

Cross-site request forgery CSRF vulnerability in Coursemill Learning Management System LMS 6.6 allows remote attackers to hijack the authentication of arbitrary users via vectors related to cookies...

CVE-2024-4023

A stored cross-site scripting XSS vulnerability exists in flatpressblog/flatpress version 1.3. When a user uploads a file with a .xsig extension and directly accesses this file, the server responds with a Content-type of application/octet-stream, leading to the file being processed as an HTML fil...

CVE-2024-10723

A stored cross-site scripting XSS vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the destination address field of the NAT tool, which can be executed when a user interacts with the field. The impact of this...