2405 matches found
CVE-2025-52131
The Mocca Calendar application before 2.15 for XWiki allows XSS via the background or text color field...
Security update for MozillaFirefox, MozillaFirefox-branding-SLE
This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: MozillaFirefox is updated to the 140ESR series. Firefox Extended Support Release 140.0esr ESR: General Reader View now has an enhanced Text and Layout menu with new options for character spacing, word spacing,...
Arbitrary File Upload
Overview MoneyPrinterTurbo is a Simply provide a topic or keyword for a video, and it will automatically generate the video copy, video materials, video subtitles, and video background music before synthesizing a high-definition short video.. Affected versions of this package are vulnerable to...
Security update for MozillaFirefox, MozillaFirefox-branding-SLE
This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: This is the Firefox Extended Support Release 140.0esr ESR Major changes: General: Reader View now has an enhanced Text and Layout menu with new options for character spacing, word spacing, and text alignment...
SUSE-SU-2025:02339-1 Security update for MozillaFirefox, MozillaFirefox-branding-SLE
This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: This is the Firefox Extended Support Release 140.0esr ESR Major changes: General: - Reader View now has an enhanced Text and Layout menu with new options for character spacing, word spacing, and text alignment...
PT-2025-29922 · Unknown · Oa Ekp Version 16
Name of the Vulnerable Software and Affected Versions: OA EKP version 16 Description: OA EKP version 16 contains an arbitrary download vulnerability within the /ui/sys ui extend/sysUiExtend.do component. This issue allows attackers to obtain the background administrator password and subsequently...
The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.
...
MAL-2025-5368 Malicious code in blade_background (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d8e0ab7bc65f47415c49500ce45a5167fd26a9eb02322a1b7d4d7d61c632c960 Any computer that has this package installed or running should be considered...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in the Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Node.js
The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executed in a background thread, causing the Node.js process to crash. Such cryptographic operations are commonly applied to untrusted inputs. Therefore, this mechanism potentially allows ...
The vulnerability of the browser’s Background Fetch API programming interface in Google Chrome, which allows a perpetrator to disclose protected information
The vulnerability of the Background Fetch API in Google Chrome browser’s software interface is related to the disclosure of information. Exploiting this vulnerability could allow a remote attacker to disclose sensitive information through a specially created HTML page...
nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js
A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits. This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread...
nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js
A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits. This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread...
nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js
A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits. This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread...
ASB-A-388828203
In multiple functions of LocationProviderManager.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-386950836
In AccessibilityServiceConnection.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-5064
Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
Chromium: CVE-2025-5064 Inappropriate implementation in Background Fetch API
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
SUSE CVE-2025-5064
Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
kernel: ext4: avoid online resizing failures due to oversized flex bg
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid online resizing failures due to oversized flex bg When we online resize an ext4 filesystem with a oversized flexbgsize, mkfs.ext4 -F -G 67108864 $dev -b 4096 100M mount $dev $dir resize2fs $dev 16G the following WARNO...