firefox: thunderbird: Use-after-free in the JavaScript: GC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript: GC component...

WordPress Tutor LMS plugin <= 3.9.5 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Course Modification and Deletion vulnerability

Insecure Direct Object Reference to Authenticated Instructor+ Arbitrary Course Modification and Deletion vulnerability discovered by WordFence in WordPress Plugin Tutor LMS versions = 3.9.5...

CVE-2025-40819

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications do not properly validate license restrictions against the database, allowing direct modification of the systemticketinfo table to bypass license limitations without proper enforcement...

EUVD-2020-21403

Malware in sbrugna...

EUVD-2018-0202

Malware in sbrugna...

EUVD-2019-5205

Malware in sbrugna...

EUVD-2024-44949

Malicious code in bioql PyPI...

EUVD-2024-54662

Malicious code in bioql PyPI...

EUVD-2024-25120

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2017-6820

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rcubeutils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets CSS...

CVE-2025-7458 affecting package sqlite for versions less than 3.39.2-4

CVE-2025-7458 affecting package sqlite for versions less than 3.39.2-4. A patched version of the package is available...

CVE-2024-8925 affecting package php for versions less than 8.3.12-1

CVE-2024-8925 affecting package php for versions less than 8.3.12-1. A patched version of the package is available...

CVE-2025-50015 WordPress Hand Talk plugin <= 6.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rodrigo Bastos Hand Talk handtalk allows Stored XSS.This issue affects Hand Talk: from n/a through = 6.1...

CVE-2025-5268

Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox...

CVE-2022-32258

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure...

CVE-2021-31339

A vulnerability has been identified in Mendix Excel Importer Module All versions V9.0.3. Uploading a manipulated XML File results in an exception that could expose information about the Application-Server and the used XML-Framework...

CVE-2024-35255 affecting package prometheus for versions less than 2.45.4-11

CVE-2024-35255 affecting package prometheus for versions less than 2.45.4-11. A patched version of the package is available...

CVE-2025-30000

A vulnerability has been identified in Siemens License Server SLS All versions V4.3. The affected application does not properly restrict permissions of the users. This could allow a lowly-privileged attacker to escalate their privileges...

AZL-77490 CVE-2025-30204 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-27

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

CVE-2023-29932 affecting package llvm for versions less than 12.0.1-8

CVE-2023-29932 affecting package llvm for versions less than 12.0.1-8. A patched version of the package is available...