CVE-2026-44698

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.4.1 for iOS and 2026.4.4 for Android, he Home Assistant Companion apps for Android and iOS expose a JavaScript bridge to the in-app WebView window.externalApp on Android and...

CVE-2026-44698 Home Assistant: Cross-origin iframe access token exfiltration via WebView JS bridge callback injection

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.4.1 for iOS and 2026.4.4 for Android, he Home Assistant Companion apps for Android and iOS expose a JavaScript bridge to the in-app WebView window.externalApp on Android and...

CVE-2026-44698

CVE-2026-44698 affects the Home Assistant Companion apps for Android and iOS, where a JavaScript bridge exposed to in-app WebView could be reached by all frames. The root cause is the bridge exposure along with unsanitized interpolation of the JavaScript callback identifier, allowing a cross-orig...

EUVD-2026-33317

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.4.1 for iOS and 2026.4.4 for Android, he Home Assistant Companion apps for Android and iOS expose a JavaScript bridge to the in-app WebView window.externalApp on Android and...

Astra Linux - уязвимость в firefox, thunderbird

Dragging a URL from a cross-origin iframe that was removed during the drag-and-drop process could lead to user confusion and website spoofing attacks. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...

Astra Linux - уязвимость в firefox, thunderbird

An iframe from a cross-origin origin that references an XSLT document would inherit the permissions of the parent domain such as access to microphones or cameras. This vulnerability affects Thunderbird 102.2, Thunderbird 91.13, Firefox ESR 91.13, Firefox ESR 102.2, and Firefox 104...

Astra Linux - уязвимость в thunderbird, firefox

Navigation was allowed when dragging a URL from a cross-origin iframe into the same tab, which could lead to website spoofing attacks. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...

MiracleLinux 8 : firefox-102.9.0-3.el8.ML.1 (AXSA:2023-5235:13)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5235:13 advisory. Mozilla: Incorrect code generation during JIT compilation CVE-2023-25751 Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9...

MiracleLinux 9 : firefox-102.9.0-3.el9.ML.1 (AXSA:2023-5234:12)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5234:12 advisory. Mozilla: Incorrect code generation during JIT compilation CVE-2023-25751 Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9...

MiracleLinux 7 : firefox-102.9.0-3.0.1.el7.AXS7 (AXSA:2023-5237:14)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5237:14 advisory. Mozilla: Incorrect code generation during JIT compilation CVE-2023-25751 Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9...

MiracleLinux 8 : firefox-102.7.0-1.el8.ML.1 (AXSA:2023-4857:04)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4857:04 advisory. Mozilla: libusrsctp library out of date CVE-2022-46871 Mozilla: Arbitrary file read from GTK drag and drop on Linux CVE-2023-23598 Mozilla: Memory...

MiracleLinux 9 : firefox-128.10.0-1.el9_6.ML.1 (AXSA:2025-10467:22)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10467:22 advisory. firefox: thunderbird: Privilege escalation in Firefox Updater CVE-2025-2817 firefox: thunderbird: Unsafe attribute access during XPath parsing...

EUVD-2017-16805

Malware in sbrugna...

EUVD-2023-27701

Malicious code in bioql PyPI...

EUVD-2022-41056

Malicious code in bioql PyPI...

EUVD-2023-31872

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-23601

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks This vulnerability...

Linux Distros Unpatched Vulnerability : CVE-2023-28164

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability...

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.46.3 bsc1232747: CVE-2024-44244: Processing maliciously crafted web content may lead to an unexpected process crash. CVE-2024-44296: Processing maliciously crafted web content may prevent Content Security Policy from bein...

DEBIAN-CVE-2024-44187

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin...