91 matches found
EUVD-2016-9472
Malware in sbrugna...
EUVD-2021-2122
Malware in sbrugna...
EUVD-2020-19478
Malware in sbrugna...
EUVD-2023-48575
Malicious code in bioql PyPI...
webkitgtk: Same Origin Policy bypass issue
A logic issue was found in WebKitGTK and WPE WebKit. This flaw allows a remote attacker to process unexpected cross-origin attacks...
webkitgtk: logic issue was addressed with improved state management
A logic issue was found in WebKitGTK and WPE WebKit. This flaw allows a remote attacker to process unexpected cross-origin attacks...
Updated thunderbird packages fix security vulnerabilities
CVE-2025-5262: A double-free could have occurred in vpx_codec_enc_init_multi after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. CVE-2025-5263: Error handling for script execution was incorrectly isolated fr...
Amazon Linux 2 : thunderbird (ALAS-2025-2873)
The version of thunderbird installed on the remote host is prior to 128.11.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2873 advisory. An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. This vulnerability...
Amazon Linux 2023 : firefox (ALAS2023-2025-996)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-996 advisory. An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. This vulnerability affects Firefox 138.0.4, Firefox ESR 128.10.1, and Firefox ESR 115.23.1...
Security Vulnerabilities fixed in Firefox 139 — Mozilla
A double-free could have occurred in vpx_codec_enc_init_multi after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. Error handling for script execution was incorrectly isolated from web content, which could ha...
Mozilla Thunderbird < 139.0
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 139.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-45 advisory. - Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10...
CVE-2023-44216
PVRIC PowerVR Image Compression on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately...
CVE-2021-23976
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...
GO-2024-2812 Some CORS middleware allow untrusted origins in github.com/jub0bs/fcors
Some CORS middleware (more specifically, those created by specifying two or more origin patterns whose hosts share a proper suffix) incorrectly allow some untrusted origins, thereby opening the door to cross-origin attacks from the untrusted origins in question. For example, specifying origin patter...
GO-2024-2813 Some CORS middleware allow untrusted origins in github.com/jub0bs/cors
Some CORS middleware (more specifically, those created by specifying two or more origin patterns whose hosts share a proper suffix) incorrectly allow some untrusted origins, thereby opening the door to cross-origin attacks from the untrusted origins in question. For example, specifying origin patter...
Improper Origin Validation
github.com/jub0bs/cors is vulnerable to Improper Origin Validation. The vulnerability is due to middleware configured with multiple origin patterns that share a similar suffix, which mistakenly permits access from some untrusted origins, potentially leading to cross-origin attacks...
GHSA-V84H-653V-4PQ9 Some CORS middleware allow untrusted origins
Impact: Some CORS middleware (more specifically, those created by specifying two or more origin patterns whose hosts share a proper suffix) incorrectly allow some untrusted origins, thereby opening the door to cross-origin attacks from the untrusted origins in question. For example, specifying origin...
Some CORS middleware allow untrusted origins
Impact: Some CORS middleware (more specifically, those created by specifying two or more origin patterns whose hosts share a proper suffix) incorrectly allow some untrusted origins, thereby opening the door to cross-origin attacks from the untrusted origins in question. For example, specifying origin...
GHSA-VHXV-FG4M-P2W8 Some CORS middleware allow untrusted origins
Impact: Some CORS middleware (more specifically, those created by specifying two or more origin patterns whose hosts share a proper suffix) incorrectly allow some untrusted origins, thereby opening the door to cross-origin attacks from the untrusted origins in question. For example, specifying origin...
Some CORS middleware allow untrusted origins
Impact: Some CORS middleware (more specifically, those created by specifying two or more origin patterns whose hosts share a proper suffix) incorrectly allow some untrusted origins, thereby opening the door to cross-origin attacks from the untrusted origins in question. For example, specifying origin...