Astra Linux - уязвимость в firefox

If an attacker needed a user to load an insecure http: page and knew that the user had enabled HTTPS-only mode, the attacker could trick the user into clicking to grant an HTTPS-only exception, provided they could get the user to participate in a clicking game. This vulnerability affects Firefox...

PT-2026-5086

The SEO Links Interlinking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'google error' parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2025-36149

IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim...

CVE-2025-36149

IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim...

CVE-2025-36149

IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim...

CVE-2025-36149

IBM Concert Software (versions 1.0.0–2.0.0) is affected by CVE-2025-36149, a remote-click hijacking (clickjacking) vulnerability in the UI that could allow an attacker to hijack a victim’s clicking actions. The issue is documented across multiple sources (IBM, Red Hat RH, EUVD, NVD, etc.), consis...

EUVD-2018-9589

Malware in sbrugna...

CVE-2025-54144 Internal Firefox open-text URL scheme allowed loading of arbitrary URLs

The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141...

Linux Distros Unpatched Vulnerability : CVE-2023-6211

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicki...

CVE-2025-36027

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against...

CVE-2024-49796

IBM ApplinX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim...

CVE-2024-10883

The CVE-2024-10883 entry affects the WordPress plugin SimpleForm – Contact form made simple, all versions up to and including 2.2.0. The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw caused by use of add_query_arg and remove_query_arg without proper escaping, enabling unauthenticat...

CVE-2024-9609 LearnPress Export Import – WordPress extension for LearnPress <= 4.0.4 - Reflected Cross-Site Scripting

The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'learnpressimportformserver' parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes ...

CVE-2024-10922

...

CVE-2024-9353

The Popularis Extra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2024-8850 MC4WP: Mailchimp for WordPress 4.9.9 - 4.9.16 - Reflected Cross-Site Scripting

The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email' parameter when a placeholder such as email is used for the field in versions 4.9.9 to 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible f...

CVE-2024-8622

The CVE-2024-8622 entry concerns the amCharts: Charts and Maps plugin for WordPress. Affected versions are

SUSE CVE-2023-6211

If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox 120...

CVE-2023-6211

If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox 120...

CVE-2023-6211

If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox 120...