26 matches found
Astra Linux - vulnerability in chromium
Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass the mixed content policy through a crafted HTML page. Chromium security severity: Low...
CVE-2026-44664 fast-xml-builder: Comment Value bypass regex
fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace(/--/g, '- -'). This skips values containing three consecutive dashes, e.g., ---..., allowing an attacker to break out of an XML comment and...
EUVD-2026-25368
Kirby is an open-source content management system. Kirby's Xml::value method has special handling for CDATA blocks. If the input value is already valid CDATA, it is not escaped a second time but allowed to pass through. However, prior to versions 4.9.0 and 5.4.0, it was possible to trick this check int...
Linux Distros Unpatched Vulnerability : CVE-2026-35543
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content with animate attributes...
CVE-2026-34510
OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets treated as local content, bypassing access restrictio...
EUVD-2021-10134
Malware in sbrugna...
EUVD-2015-0618
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2015-5826
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type,...
HTML sanitizer security vulnerability
HTML sanitizer is an allowlist-based HTML cleaner by Matthias Kestenholz, an individual developer. A security vulnerability exists in HTML sanitizer, which is caused by specially crafted HTML that can escape cleaning...
SUSE CVE-2024-3845
Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. Chromium security severity: Low...
PT-2024-3083 · Google +6 · Google Chrome +6
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 124.0.6367.60; Microsoft Edge (affected versions not specified). Description: The issue is related to an inappropriate implementation in the Networks component, allowing a remote attacker to bypass mixed content...
SUSE CVE-2015-4483
Mozilla Firefox before 40.0 allows man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request...
UBUNTU-CVE-2020-13677
Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected...
PYSEC-2021-852
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
USN-5074-1 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass mixed content blocking, or execute arbitrary code...
The vulnerabilities of anti-virus software programs Worry-Free Business Security, Apex One, and OfficeScan stem from insufficient validation of input data. This allows attackers to bypass content validation and manipulate the components of the client agent.
The vulnerability of anti-virus software programs such as Worry-Free Business Security, Apex One, and OfficeScan exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to bypass content validation and manipulate the client agent components...
DEBIAN-CVE-2019-11761
By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox 70,...
UBUNTU-CVE-2018-6794
Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web...
F5 BIG-IP Application Security Manager JSON Content Handling ASM Filter Bypass Vulnerability
F5 BIG-IP is an application switch. The F5 BIG-IP Application Security Manager (ASM) JSON parser fails to properly filter URL-encoded content, allowing remote attackers to exploit a vulnerability to bypass security filters...
openSUSE: Security Advisory for Mozilla (openSUSE-SU-2013:0323-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...