CVE-2026-40280

Gotenberg is an API-based document conversion tool. In versions 8.30.1 and earlier, the default private-IP deny-lists for the --webhook-deny-list and --api-download-from-deny-list flags use a case-sensitive regular expression ^https?:// to match URL schemes. Because Go's net/url.Parse normalizes...

[SECURITY] Fedora 42 Update: qt6-qtvirtualkeyboard-6.9.1-1.fc42

The Qt Virtual Keyboard project provides an input framework and reference key board frontend for Qt 6. Key features include: Customizable keyboard layouts and styles with dynamic switching. Predictive text input with word selection. Character preview and alternative character view. Automatic...

Ethereum’s Layer 2 Solutions Could Outrun the Main Blockchain by 2030

According to recent reports, Ethereum’s Layer 2 solutions could reach an impressive $1 trillion market capitalization by 2030.…...

RichText Field Type 安全漏洞

RichText Field Type is an open source application from Ibexa. A security vulnerability exists in RichText Field Type versions prior to 4.6.10 that stems from the validator of RichText Field Type blocking javascript: and vbscript: in links to prevent cross-site scripting attacks. However, this che...

SUSE CVE-2024-5699

In violation of spec, cookie prefixes such as Secure were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This...

CVE-2024-5699

In violation of spec, cookie prefixes such as Secure were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : sssd (SUSE-SU-2024:1941-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1941-1 advisory. - CVE-2023-3758: Fixed race condition during authorization leads to GPO policies functioning inconsistent...

[SECURITY] Fedora 40 Update: qt6-qtvirtualkeyboard-6.7.1-1.fc40

The Qt Virtual Keyboard project provides an input framework and reference key board frontend for Qt 6. Key features include: Customizable keyboard layouts and styles with dynamic switching. Predictive text input with word selection. Character preview and alternative character view. Automatic...

Dolibarr 操作系统命令注入漏洞

Dolibarr is a software application. A modern software package that helps manage your organization's activities. A security vulnerability exists in Dolibarr versions prior to 17.0.1, which stems from the ability to remotely execute code via capitalization operations...

Fedora 28 : php-pear-CAS (2018-0bc91454ce)

Version 1.3.6 Security Fixes: - Fix XSS in proxy mode 271 Joachim Fritschi Bug Fixes: - Fix bad condition 252 Brice Vercoustre - Hash ticket strings to generate valid-length session-ids 224, 244, 248 Adam Franco - Fix 'phpCAS' class capitalization in code 273, 277 phy25 Improvement: - Remove...

CVE-2014-1576

Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets CSS token sequences that trigger changes to capitalization...

Heap overflow

Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets CSS token sequences that trigger changes to capitalization...

Mozilla: Buffer overflow during CSS manipulation (MFSA 2014-75)

Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets CSS token sequences that trigger changes to capitalization...

CVE-2014-1576

Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets CSS token sequences that trigger changes to capitalization...

CVE-2006-0760

LightTPD 1.4.8 and earlier; when the web root sits on a case-insensitive filesystem, the system may bypass URL checks and disclose sensitive information by mismatching file extension capitalization (e.g., index.PHP when PHP is enabled only for ".php"). Root cause is a case-insensitive handling of...

CVE-2006-0760

LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP...