CVE-2026-27954
Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints holdaction.php, blockuser.php, and transferchat.php load chat objects by ID without calling erLhcoreClassChat::hasAccessToRead, allowing operators t...
CVE-2026-27954 LiveHelperChat has department-level authorization bypass in holdaction, blockuser, and transferchat endpoints
Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints holdaction.php, blockuser.php, and transferchat.php load chat objects by ID without calling erLhcoreClassChat::hasAccessToRead, allowing operators t...
CVE-2025-55028
Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some scenarios and allow for denial of service attacks. This vulnerability was fixed in Firefox for iOS 142...
CVE-2025-55028
CVE-2025-55028 affects Mozilla Firefox for iOS. The issue arises from malicious scripts using repetitive JavaScript alerts that can prevent user interaction, potentially enabling denial-of-service scenarios. Affected version range is Firefox for iOS before 142. The available connected documents c...
CVE-2025-55028 JavaScript alerts could impede UI interaction or allow denial of service attacks
Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some scenarios and allow for denial of service attacks. This vulnerability was fixed in Firefox for iOS 142...
ublk: don't allow user copy for unprivileged device
...
CVE-2023-37303
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message...
grafana: using email as a username can block other users from signing in
A flaw was found in the Grafana web application. When a user logs into the system, either the username or email address can be used. However, the login system allows both a username and connected email to be registered, which could allow an attacker to prevent a user which has an associated email...
No Rate Limit on Coupon Code Functionality
Description: The attacker has the ability to send any number of requests to the endpoint due to the absence of rate-limiting. Steps to reproduce: - Simply capture the adding coupon request and send it to burp. - Send it to the repeater tab and you will be able to send many requests without blocking...
GitLab: Blocked user Git access through CI/CD token
Summary: A blocked user does not have the ability to utilise Git client operations, GitLab UI access or API access. However, a blocked user can still use Git clone/Git pull client commands if they are able to obtain a CI/CD token before being blocked. This allows them to access projects they are...