RLSA-2025:8608 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Out-of-bounds access when resolving Promise objects CVE-2025-4918 firefox: thunderbird: Out-of-bounds access when optimizing linear sums CVE-2025-4919 firefox: thunderbird: Clickjacking...

RLSA-2025:8341 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details CVE-2025-5267 firefox: thunderbird: Potential local code execution ...

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. Security...

firefox security update

An update is available for firefox. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards...

CVE-2025-59950

FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.3 and below, due to a bypass of double clickjacking protection confirmation dialog, it is possible to trick the admin into clicking the Promote button in another user's management page after the admin double clicks on a button...

CVE-2025-59950

FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.3 and below, due to a bypass of double clickjacking protection confirmation dialog, it is possible to trick the admin into clicking the Promote button in another user's management page after the admin double clicks on a button...

FreshRSS 安全漏洞

FreshRSS is a free, self-hosted RSS aggregator from FreshRSS Open Source. A security vulnerability exists in FreshRSS 1.26.3 and earlier versions that stems from bypassing double clickjacking protection, which could lead to elevation of privilege and account takeover...

CVE-2025-59950 FreshRSS: Double clickjacking can lead to privilege escalation

FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.3 and below, due to a bypass of double clickjacking protection confirmation dialog, it is possible to trick the admin into clicking the Promote button in another user's management page after the admin double clicks on a button...

CVE-2025-59950 FreshRSS: Double clickjacking can lead to privilege escalation

FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.3 and below, due to a bypass of double clickjacking protection confirmation dialog, it is possible to trick the admin into clicking the Promote button in another user's management page after the admin double clicks on a button...

CVE-2025-59950 FreshRSS: Double clickjacking can lead to privilege escalation

FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.3 and below, due to a bypass of double clickjacking protection confirmation dialog, it is possible to trick the admin into clicking the Promote button in another user's management page after the admin double clicks on a button...

CVE-2025-59950

FreshRSS

CVE-2025-57769 FressRSS: Clickjacking can lead to XSS and/or privilege escalation

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below contain a vulnerability where a specially crafted page can trick a user into executing arbitrary JS code or promoting a user in FreshRSS by obscuring UI elements in iframes. If embedding an authenticated iframe is possibl...

CVE-2025-57769 FressRSS: Clickjacking can lead to XSS and/or privilege escalation

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below contain a vulnerability where a specially crafted page can trick a user into executing arbitrary JS code or promoting a user in FreshRSS by obscuring UI elements in iframes. If embedding an authenticated iframe is possibl...

CVE-2025-57769

CVE-2025-57769 affects FreshRSS

PT-2025-39920

Name of the Vulnerable Software and Affected Versions FreshRSS versions 1.26.3 and below Description FreshRSS is susceptible to a double clickjacking protection bypass. An attacker can trick an administrator into promoting themselves to "admin" and logging into other users' accounts. This is...

proofcraft

PocGEN - Proof of Concept Generator A Python command-line too...

CVE-2025-0546

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting', Improper Restriction of Rendered UI Layers or Frames vulnerability in Mevzuattr Software MevzuatTR allows Phishing, iFrame Overlay, Clickjacking, Forceful Browsing. This issue needs high privileges. This...

CVE-2025-0546

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting', Improper Restriction of Rendered UI Layers or Frames vulnerability in Mevzuattr Software MevzuatTR allows Phishing, iFrame Overlay, Clickjacking, Forceful Browsing. This issue needs high privileges. This...

CVE-2025-0546 XSS in Mevzuattr Software's MevzuatTR

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting', Improper Restriction of Rendered UI Layers or Frames vulnerability in Mevzuattr Software MevzuatTR allows Phishing, iFrame Overlay, Clickjacking, Forceful Browsing. This issue needs high privileges. This...

CVE-2025-0546 XSS in Mevzuattr Software's MevzuatTR

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting', Improper Restriction of Rendered UI Layers or Frames vulnerability in Mevzuattr Software MevzuatTR allows Phishing, iFrame Overlay, Clickjacking, Forceful Browsing. This issue needs high privileges. This...