ASB-A-325912429

In multiple locations, there is a possible way to record audio via a background app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Linux Distros Unpatched Vulnerability : CVE-2022-43151

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - timg v1.4.4 was discovered to contain a memory leak via the function timg::QueryBackgroundColor at /timg/src/term-query.cc. CVE-2022-43151 Note that Nessus reli...

Linux Distros Unpatched Vulnerability : CVE-2025-5064

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted...

Linux Distros Unpatched Vulnerability : CVE-2020-28040

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. CVE-2020-28040 Note that Nessus relies on the presence of the package as...

CVE-2025-9145

A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file viewedit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. The attack can be launched remotely. The...

CVE-2025-9145 Scada-LTS SVG File view_edit.shtm cross site scripting

A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file viewedit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. The attack can be launched remotely. The...

CVE-2025-9145

Scada-LTS 2.7.8.1 is affected by a cross-site scripting vulnerability in the SVG File Handler, specifically via manipulation of the backgroundImageMP argument in view_edit.shtm. The issue can be triggered remotely and, per multiple sources, the exploit has been publicly disclosed. Current connect...

PT-2025-33743 · Scada-Lts · Scada-Lts

Name of the Vulnerable Software and Affected Versions: Scada-LTS version 2.7.8.1 Description: A security issue exists in Scada-LTS 2.7.8.1 related to the processing of the view edit.shtm file within the SVG File Handler component. Manipulation of the backgroundImageMP argument can lead to...

Scada-LTS 代码注入漏洞

Scada-LTS is an open source, web-based, multi-platform solution from Scada-LTS Open Source. A code injection vulnerability exists in Scada-LTS version 2.7.8.1, which originates from a cross-site scripting attack due to misuse of the file viewedit.shtm parameter backgroundImageMP in the component...

Linux Distros Unpatched Vulnerability : CVE-2025-23166

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the...

Linux Distros Unpatched Vulnerability : CVE-2023-6870

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. This issue only affects...

Malicious code in background-image (npm)

The package background-image was found to contain malicious code...

Malicious code in cover-background (npm)

The package cover-background was found to contain malicious code...

Malicious code in react-native-background-geolocation-android (npm)

The package react-native-background-geolocation-android was found to contain malicious code...

Malicious code in centered-cover-background (npm)

The package centered-cover-background was found to contain malicious code...

MAL-2025-17638 Malicious code in cover-background (npm)

The package cover-background was found to contain malicious code...

MAL-2025-16723 Malicious code in centered-cover-background (npm)

The package centered-cover-background was found to contain malicious code...

MAL-2025-15320 Malicious code in background-image (npm)

The package background-image was found to contain malicious code...

Linux Distros Unpatched Vulnerability : CVE-2022-45407

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If an attacker loaded a font using FontFace on a background worker, a use-after-free could have occurred, leading to a potentially exploitable crash. This...

XWiki Contrib Mocca Calendar Application 跨站脚本漏洞

XWiki Contrib Mocca Calendar Application is an open source XWiki plugin for XWiki Contrib. A cross-site scripting vulnerability exists in XWiki Contrib Mocca Calendar Application versions prior to 2.15, which stems from cross-site scripting in the background or text color fields...