9293 matches found
CVE-2025-5986 Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links
A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data e.g. using /dev/urandom on Linux or to...
CVE-2025-5395 WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.115.0 - Authenticated (Author+) Arbitrary File Upload
The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file in all versions up to, and including, 3.115.0. This makes it possible for authenticated attackers, with Author-level access and above, to...
[SECURITY] Fedora 42 Update: qt6-qtvirtualkeyboard-6.9.1-1.fc42
The Qt Virtual Keyboard project provides an input framework and reference keyboard frontend for Qt 6. Key features include: Customizable keyboard layouts and styles with dynamic switching. Predictive text input with word selection. Character preview and alternative character view. Automatic...
WordPress plugin WordPress Automatic Plugin code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
PT-2025-25182 · WordPress · Wordpress Automatic Plugin
Name of the Vulnerable Software and Affected Versions: WordPress Automatic Plugin versions up to 3.115.0 Description: The WordPress Automatic Plugin is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file. This allows authenticated attackers with...
Mozilla Thunderbird security vulnerability
Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation in the United States that is separate from the Mozilla Application Suite. The software supports the IMAP and POP mail protocols as well as the HTML mail format. A security vulnerability exists in Mozilla...
Fedora 43 : rust-git-interactive-rebase-tool (2025-3b4c75f23c)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-3b4c75f23c advisory. Automatic update for rust-git-interactive-rebase-tool-2.4.1-9.fc43. Changelog Sun Jun 8 2025 Benjamin Gilbert - 2.4.1-9 - Rebuild for CVE-2024-12224...
Fedora 43 : krb5 (2025-1c915db8a5)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-1c915db8a5 advisory. Automatic update for krb5-1.21.3-6.fc43. Changelog Wed Jun 4 2025 Julien Rische - 1.21.3-6 - Do not block HMAC-MD4/5 in FIPS mode Resolves: rhbz2370259 -...
Discover how automatic attack disruption protects critical assets while ensuring business continuity
Traditional security solutions often operate in a one-size-fits-all alert model that treats every detection equally, regardless of how important the asset is. But not all assets are equal. Critical assets are systems governing access, identity, or sensitive data. They are essential to an...
Amazon Linux 2 : thunderbird (ALAS-2025-2859)
The version of thunderbird installed on the remote host is prior to 128.10.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2859 advisory. Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From...
The vulnerability in the software for automatic checking of updates for the Microsoft Edge Update browser lies in the improper handling of symbolic links before accessing the file. This allows a malicious actor to elevate their privileges to a system level.
The vulnerability in the software for automatic checking of updates for the Microsoft Edge Update browser is related to an incorrect definition of symbolic links before accessing the file. Exploiting this vulnerability could allow a malicious individual to elevate their privileges to a system lev...
Fedora: Security Advisory (FEDORA-2024-6ac71752a4)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-b58afe0982)
Fedora: Security Advisory (FEDORA-2025-e4c104502d)
Fedora: Security Advisory (FEDORA-2024-e253f0b07c)
Fedora: Security Advisory (FEDORA-2024-22a01aab2f)
Fedora: Security Advisory (FEDORA-2024-d1d07e01e8)