RedShift JDBC Driver < 2.2.2 Arbitrary Class Loading (CVE-2026-8178)

The Amazon Redshift JDBC Driver installed on the remote host is prior to 2.2.2. It is, therefore, affected by a flaw that could allow the driver to load and execute arbitrary classes when processing JDBC connection URL parameters. Under certain conditions, an actor able to influence the connectio...

CVE-2025-27388 Arbitrary URL Loading in WebView Leading to Token Leakage Risk

Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens...

SUSE CVE-2024-9392

A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox 131, Firefox ESR 128.3, Firefox ESR 115.16, Thunderbird 128.3, and Thunderbird 131...

CVE-2024-9392

The Mozilla Foundation's Security Advisory: A compromised content process could allow for the arbitrary loading of cross-origin pages...

CVE-2024-9392

A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox 131, Firefox ESR 128.3, Firefox ESR 115.16, Thunderbird 128.3, and Thunderbird 131...

CVE-2024-9392

A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox 131, Firefox ESR 128.3, Firefox ESR 115.16, Thunderbird 128.3, and Thunderbird 131...

CVE-2024-9392

A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox 131, Firefox ESR 128.3, Firefox ESR 115.16, Thunderbird 128.3, and Thunderbird 131...

CVE-2024-9392

CVE-2024-9392 impacts Firefox and Thunderbird before version 131 (and ESR before 128.3/115.16) where a compromised content process could bypass site isolation and load cross-origin content. This could enable cross-origin access to PDF/JSON via multipart responses and, in some cases, broader arbit...

Mozilla Firefox ESR < 128.3

The version of Firefox ESR installed on the remote Windows host is prior to 128.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-47 advisory. - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the...

firefox -- multiple vulnerabilities

[email protected] reports: CVE-2024-9392: A compromised content process could have allowed for the arbitrary loading of cross-origin pages. CVE-2024-9396: It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to...

CVE-2024-27903

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service...

CVE-2024-27903

OpenVPN for Windows (OpenVPN 2.6.9 and earlier) is affected by CVE-2024-27903: plugins could be loaded from any directory, allowing interaction with the privileged OpenVPN interactive service. Related issues CVE-2024-27459 (stack overflow in interactive service) and CVE-2024-24974 (remote interac...

GHSA-7F59-X49P-V8MQ Cross-Site Scripting in swagger-ui

Affected versions of swagger-ui are vulnerable to cross-site scripting in both the consumes and produces parameters of the swagger JSON document for a given API. Additionally, swagger-ui allows users to load arbitrary swagger JSON documents via the query string parameter url, allowing an attacker...

Spoofing

A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14687...

ALPINE-CVE-2016-4477

wpasupplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service daemon outage, via a crafted 1 SET, 2 SETCRED, or 3 SETNETWORK command...