14 matches found
MGASA-2025-0118 Updated chromium-browser-stable packages fix security vulnerability
Use after free in Lens. CVE-2025-2476...
Malicious code in facetec-browser-sdk (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38f356209be66b9759fe0891f0751be720e7d758d002e5fd1541f0c10619f45c Any computer that has this package install...
MAL-2024-8728 Malicious code in hwieiur (npm)
The package contains obfuscated code to load content from a suspicious external domain in the user's browser...
MAL-2024-8727 Malicious code in esdjiw (npm)
The package contains obfuscated code to load content from a suspicious external domain in the user's browser --- -= Per source details. Do not edit below this line.=-...
KioWare Security Vulnerability
KioWare is a suite of self-service terminal browser software. The software has the ability to restrict end-user access to specific interfaces. A security vulnerability exists in KioWare version 8.34 and prior versions, which stems from a vulnerability that allows brute force decryption of a PIN...
KioWare Security Vulnerability
KioWare is a suite of self-service terminal browser software. The software has the ability to restrict end-user access to specific interfaces. A security vulnerability exists in KioWare versions 8.34 and earlier, which originates from the ability to exit the software and use other open applicatio...
Cross-Site Scripting (XSS)
total4 is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of user-input sanitization in the replace parameter of internal.js, which allows an attacker to inject and execute arbitrary JavaScript in the browser...
Security Bulletin: IBM Smart Analytics System 5600 clients affected by vulnerabilities in IBM JRE (CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823)
Abstract: These vulnerabilities are only applicable to Java deployments where untrusted code may be executed, e.g. Java applets running in a web browser. Content: VULNERABILITY DETAILS. CVE IDs: CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823. DESCRIPTION: The IBM Smart Analytics System 560...
Apache Struts is vulnerable to Cross-site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and (2) showConfig.action in config-browser/...
ECOA Building Automation System Cookie Poisoning / Authentication Bypass Vulnerabilities
ECOA building automation systems suffer from a cookie poisoning vulnerability that allows for authentication bypass. Many versions are affected. ECOA Building Automation System Cookie Poisoning Authentication Bypass Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected...
DSA-4182-1 chromium-browser - security update
Bulletin has no description...
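PyroCMS "email" Cross-Site Scripting Vulnerability
PyroCMS is a content management system. Input passed to the "email" POST parameter in index.php/register is not properly filtered before being returned to the user, so an attacker can exploit the vulnerability to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. 0 PyroCMS 2.2.3 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: https://www.pyrocms.com/...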
SSL Vulnerabilities Found in Critical Non-Browser Software Packages
The death knell for SSL is getting louder. Researchers at the University of Texas at Austin and Stanford University have discovered that poorly designed APIs used in SSL implementations are to blame for vulnerabilities in many critical non-browser software packages. Serious security vulnerabiliti...
CVE-2006-1740
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allow remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site...