115 matches found
EUVD-2012-1975
Malware in sbrugna...
EUVD-2017-18087
Malware in sbrugna...
Embedded Malicious Code
Overview @ctrl/ngx-rightclick is a Context Menu Service for Angular Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API...
CVE-2025-48533
In multiple locations, there is a possible way to use apps linked from a context menu of a lockscreen app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48533
In multiple locations, there is a possible way to use apps linked from a context menu of a lockscreen app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48533
In multiple locations, there is a possible way to use apps linked from a context menu of a lockscreen app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48533
CVE-2025-48533 affects the Android Framework. A race condition in the lockscreen context menu can be exploited to perform local escalation of privilege by using apps linked from the context menu, without additional execution privileges or user interaction. The vulnerability is characterized as Eo...
CVE-2025-48533
In multiple locations, there is a possible way to use apps linked from a context menu of a lockscreen app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48533
In multiple locations, there is a possible way to use apps linked from a context menu of a lockscreen app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Vivaldi 7.5: color, clarity, and control
Read this article in español, Deutsch, Français, русский, 日本語, język polski. This update brings both refinement and power. It’s a release shaped by your feedback and driven by our commitment to putting you in full control of your browser. With long-requested colored Tab Stacks, enhanced privacy...
PT-2024-40550 · Mozilla · Seamonkey
Name of the Vulnerable Software and Affected Versions: SeaMonkey versions prior to 2.53.19 Description: The issue is related to a security vulnerability in SeaMonkey. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents where thi...
CVE-2024-37888
The CVE-2024-37888 issue affects the Open Link CKEditor plugin, impacting users of versions prior to 1.0.5. The vulnerability is a cross-site scripting (XSS) flaw that enables JavaScript execution via abuse of the link href attribute in the plugin’s open link functionality. Remediation per source...
Fedora 40 : thunderbird (2024-d8a0e599e2)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-d8a0e599e2 advisory. Update to 115.8.1 https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/ read that if you have mails with encrypted email subjects...
BIT-JENKINS-2023-35141
In Jenkins LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu...
CVE-2024-1936
The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. Whil...
CVE-2023-7047
Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL dat...
PT-2023-32850 · Devolutions · Devolutions Remote Desktop Manager
Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager versions 2023.3.31 and earlier Description: The issue is related to inadequate validation of permissions when using remote tools and macros via the context menu. This allows a user to initiate a connection...
FreeBSD : chromium -- multiple security fixes (4405e9ad-97fe-11ee-86bb-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 4405e9ad-97fe-11ee-86bb-a8a1599412c6 advisory. - Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote...
DEBIAN-CVE-2023-6512
Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. Chromium security severity: Low...
Design/Logic Flaw
Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. Chromium security severity: Low...