6 matches found
Hono vulnerable to Vary Header Injection leading to potential CORS Bypass
Summary: A flaw in the CORS middleware allowed request Vary headers to be reflected into the response, enabling attacker-controlled Vary values and potentially affecting cache behavior. Details: The middleware previously copied the Vary header from the request when origin was not set to "". Since...
EUVD-2024-17604
Malicious code in bioql PyPI...
Security Vulnerabilities fixed in Thunderbird 141 — Mozilla
On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrec...
Mozilla Thunderbird < 140.1
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-63 advisory. - Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140...
Mozilla Thunderbird < 140.1
The version of Thunderbird installed on the remote Windows host is prior to 140.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-63 advisory. - Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of...
CVE-2025-24010 Vite allows any websites to send any requests to the development server and read the response
Vite is a frontend tooling framework for JavaScript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and...