36 matches found
EUVD-2026-34031
browserstack-runner has an unauthenticated arbitrary file read via path traversal in HTTP server...
CVE-2026-49144 BrowserStack Runner 0.9.5 Path Traversal via _default HTTP Handler
BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the default HTTP handler in lib/server.js that allows unauthenticated network-adjacent attackers to read arbitrary files. Attackers can exploit the unauthenticated HTTP server bound on all interfaces to traverse outside...
Astra Linux - уязвимость в thunderbird, firefox
A web page could trick users into setting that site as the default handler for a custom URL protocol. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...
CVE-2026-6993
CVE-2026-6993 affects go-kratos kratos up to 2.9.2. It concerns the function NewServer in transport/http/server.go’s http.DefaultServeMux Fallback Handler, where manipulation can yield an unintended intermediary and may be exploitable remotely. Public exploit exists. A patch is identified as 0284...
CVE-2026-27703 RIOT has an Out-of-Bounds Write in nanoCoAP Handler
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. In 2026.01 and earlier, the default handler for the wellknowncore resource coapwellknowncoredefaulthandler writes user-provided option data and...
EUVD-2026-5169
Qwik is a performance focused javascript framework. Prior to version 1.19.0, an Open Redirect vulnerability in Qwik City's default request handler middleware allows a remote attacker to redirect users to arbitrary protocol-relative URLs. Successful exploitation permits attackers to craft convinci...
CVE-2026-25149 Qwik City Open Redirect via fixTrailingSlash
Qwik is a performance focused javascript framework. Prior to version 1.19.0, an Open Redirect vulnerability in Qwik City's default request handler middleware allows a remote attacker to redirect users to arbitrary protocol-relative URLs. Successful exploitation permits attackers to craft convinci...
EUVD-2020-1619
Malware in sbrugna...
EUVD-2020-1581
Malware in sbrugna...
EUVD-2021-2953
Malicious code in bioql PyPI...
AZL-66938 CVE-2025-39686 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: comedi: Make insnrwemulatebits do insn-n samples The insnrwemulatebits function is used as a default handler for INSNREAD instructions for subdevices that have a handler for INSNBITS but not for INSNREAD. Similarly, it is used as...
CVE-2025-39686 comedi: Make insn_rw_emulate_bits() do insn->n samples
In the Linux kernel, the following vulnerability has been resolved: comedi: Make insnrwemulatebits do insn-n samples The insnrwemulatebits function is used as a default handler for INSNREAD instructions for subdevices that have a handler for INSNBITS but not for INSNREAD. Similarly, it is used as...
CVE-2020-0074
In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...
OESA-2025-1267 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additiona...
firefox: Clickjacking the registerProtocolHandler info-bar Reporter
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A web page could trick a user into setting that site as the default handler for a custom URL protocol...
firefox: Clickjacking the registerProtocolHandler info-bar Reporter
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A web page could trick a user into setting that site as the default handler for a custom URL protocol...
firefox: Clickjacking the registerProtocolHandler info-bar Reporter
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A web page could trick a user into setting that site as the default handler for a custom URL protocol...
SUSE CVE-2025-1935
A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...
CVE-2025-1935
A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability affects Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...
DEBIAN-CVE-2025-1935
A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...