
10 matches found

Friends Of PHP
added 2026/04/20 7:00 p.m., 7 views

Cross-site scripting (XSS) via script break-out in toScript() output

What's Changed: Escape HTML tags in toScript output to prevent script break-out, by @freekmurze in https://github.com/spatie/schema-org/pull/242. Values containing passed as schema properties could break out of the generated block and execute injected HTML when the value was attacker-controlled...

AI score: 5.9
Exploits: 0, Affected Software: 1
Cvelist
added 2025/05/29 9:34 p.m., 11 views

CVE-2025-31189

A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to break out of its sandbox...

EPSS: 0.00041
Exploits: 0, References: 3
Apple
added 2023/12/11 12:00 a.m., 41 views

About the security content of watchOS 10.2

About the security content of watchOS 10.2 This document describes the security content of watchOS 10.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are availabl...

CVSS: 8.8, AI score: 9.1, EPSS: 0.00645
Exploits: 1, References: 1, Affected Software: 1
Prion
added 2023/05/08 8:15 p.m., 17 views

Integer overflow

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. An app may be able to break out of its sandbox...

CVSS: 4.4, AI score: 7.6, EPSS: 0.0011
Exploits: 0, References: 2, Affected Software: 3
Akamai Blog
added 2020/12/17 2:00 p.m., 38 views

Smart DNS for the New Network: Optimizing Content Delivery

This is the third in a series of blog posts that will discuss how smart DNS resolvers can enhance ongoing internet service provider (ISP) and mobile network operator (MNO) network transformation efforts, such as the transition to 5G, better integration of Wi-Fi, and new network designs that optimize...

AI score: 7.2
Exploits: 0
OSV
added 2018/05/04 5:29 p.m., 1 views

CVE-2018-8861

Vulnerabilities within the Philips Brilliance CT kiosk environment Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brilliance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior could enable a limited-access kiosk user or an unauthorized...

CVSS: 8.7, AI score: 5.8
Exploits: 0, References: 3
Cvelist
added 2018/04/04 1:00 p.m., 15 views

CVE-2017-3967 SB10192 - Network Security Management (NSM) - Target influence via framing vulnerability

Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages' inability to break out of 3rd party HTML frames...

CVSS: 6.1, AI score: 6.3, EPSS: 0.00196
Exploits: 0, References: 1
n0where
added 2016/09/04 10:41 p.m., 191 views

Automatic Server Side Template Injection Exploitation: Tplmap

Automatic Server Side Template Injection Exploitation. Tplmap (short for Template Mapper) is a tool that automates the process of detecting and exploiting Server-Side Template Injection (SSTI) vulnerabilities. This assists SSTI exploitation to compromise the application and achieve remote command...

AI score: 0.3
Exploits: 0, References: 2
seebug.org
added 2014/07/01 12:00 a.m., 11 views

interactive story 1.3 - Directory Traversal vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3028/info Interactive Story is a web-based application written in Perl and is distributed as freeware. Interactive Story does not filter '../' sequences from user input submitted to a hidden file called 'next'. Remote...

AI score: 7.1
Exploits: 0
Tenable Nessus
added 2008/02/26 12:00 a.m., 27 views

Fedora 7 : kvm-36-8.fc7 (2008-1973)

Ian Jackson discovered that accesses beyond end of qemu emulated disk devices can result in accesses to emulator's virtual memory space accesses and thus can allow user with sufficient privilege in guest (root, as this would need modification to kernel's driver) to break out of VM...

CVSS: 4.7, AI score: 7.2, EPSS: 0.00103
Exploits: 0, References: 4