20 matches found
Astra Linux - vulnerability in firefox
A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox 122...
CVE-2026-42404
Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...
CVE-2026-33335
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper passes URLs from window.open calls directly to shell.openExternal without any validation or protocol allowlisting. An attacker who can place ...
CVE-2026-33335
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper passes URLs from window.open calls directly to shell.openExternal without any validation or protocol allowlisting. An attacker who can place ...
EUVD-2026-14909
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper passes URLs from window.open calls directly to shell.openExternal without any validation or protocol allowlisting. An attacker who can place ...
PT-2026-27443
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper passes URLs from window.open calls directly to shell.openExternal without any validation or protocol allowlisting. An attacker who can place ...
EUVD-2023-0968
Malicious code in bioql PyPI...
EUVD-2024-16537
Malicious code in bioql PyPI...
GHSA-HFJ7-542Q-8FVV DiracX-Web is vulnerable to attack through an Open Redirect on its login page
Summary: An attacker can forge a request to redirect an authenticated user to any arbitrary website. Details: On the login page, we have a redirect field which is the location where the server will redirect the user. This URI is not verified, and can be an arbitrary URI. Paired with a parameter...
DiracX-Web is vulnerable to attack through an Open Redirect on its login page
Summary: An attacker can forge a request to redirect an authenticated user to any arbitrary website. Details: On the login page, we have a redirect field which is the location where the server will redirect the user. This URI is not verified, and can be an arbitrary URI. Paired with a parameter...
Improper Handling Of Parameters
firefox is vulnerable to Improper Handling Of Parameters. The vulnerability is due to a compromised content process, which could update the document URI, enabling an attacker to set an arbitrary URI in the address bar or history...
SUSE CVE-2024-0748
A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox 122...
Fedora 39 : firefox (2024-14dea9640b)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-14dea9640b advisory. - Updated to new upstream 122.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
Design/Logic Flaw
A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox 122...
CVE-2024-0748
A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox 122...
CVE-2024-0748
A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox 122...
CVE-2024-0748
A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox 122...
Cross-site Scripting (XSS)
org.keycloak:keycloak-services is vulnerable to Cross-site Scripting (XSS) attacks. A remote attacker is able to insert an arbitrary URI into an error page via the oob OAuth endpoint due to incorrect null-byte handling...
GHSA-9HHC-PJ4W-W5RV Keycloak Cross-site Scripting on OpenID connect login service
A reflected cross-site scripting (XSS) vulnerability was found in the oob OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page...
PHP-Nuke 6.x/7.0/7.1 Image Tag Admin Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9895/info It has been reported that PHP-Nuke is prone to a remote admin command execution vulnerability. This issue is due to a design error that allows an attacker to specify arbitrary URI values in bbCode tags contained...