7432 matches found
CVE-2025-6179
Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools...
CVE-2025-6177
Privilege Escalation in MiniOS in Google ChromeOS 16063.45.2 and potentially others on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell VT3 console accessible through specific key combinations during developer mode entry and MiniOS access, even whe...
CVE-2025-6179 ChromeOS Extension Disablement and Developer Mode Bypass via ExtHang3r and ExtPrint3r Exploits
Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools...
CVE-2025-6179
Summary of CVE-2025-6179 (ChromeOS): The issue is a permissions bypass in ChromeOS Extension Management affecting Google ChromeOS, version 16181.27.0 on managed devices. The underlying problem allows a local attacker to disable extensions and gain Developer Mode, including loading additional ext...
CVE-2025-6177
CVE-2025-6177 describes a local privilege-escalation in Google ChromeOS MiniOS, where a debug shell (VT3 console) is reachable via specific key combinations during developer mode entry and MiniOS access, allowing root code execution even when developer mode is blocked by policy or FWMP. Affected:...
CVE-2025-6177 ChromeOS MiniOS Root Code Execution Bypass While Dev Mode Blocked
Privilege Escalation in MiniOS in Google ChromeOS 16063.45.2 and potentially others on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell VT3 console accessible through specific key combinations during developer mode entry and MiniOS access, even whe...
Astra Linux – Vulnerability in Firefox
An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability was fixed in Firefox 140 and Thunderbird 140...
PyPI, npm, and AI Tools Exploited in Malware Surge Targeting DevOps and Cloud Environments
Cybersecurity researchers from SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below - eslint-config-airbnb-compat 676 Downloads ts-runtime-compat-check 1,588...
Google ChromeOS Security Vulnerability
Google ChromeOS is a Linux kernel-based operating system developed by Google. Google ChromeOS suffers from a privilege issue vulnerability. The vulnerability stems from a privilege bypass in extension management, which can be exploited by an attacker to disable extensions on ChromeOS and access...
WordPress WP2LEADS plugin <= 3.5.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by johska in WordPress Plugin WP2LEADS versions <= 3.5.0...
Social Media Reactions to Open Source Promotions: AI-Powered GitHub Projects on Hacker News
Social media platforms have become more influential than traditional news sources, shaping public discourse and accelerating the spread of information. With the rapid advancement of artificial intelligence (AI), open-source software (OSS) projects can leverage these platforms to gain visibility and...
CVE-2025-49596 MCP Inspector proxy server lacks authentication between the Inspector client and proxy
The MCP Inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio...
WordPress Responsive Blocks plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by zaim in WordPress Plugin Responsive Blocks versions <= 2.0.5...
WordPress Majestic Support plugin <= 1.1.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Fariq Fadillah Gusti Insani in WordPress Plugin Majestic Support versions <= 1.1.0...
WordPress MapSVG plugin < 8.7.4 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Anhchangmutrang in WordPress Plugin MapSVG versions < 8.7.4...
WordPress ZotPress plugin <= 7.3.15 - Authenticated (Author+) Stored Cross-Site Scripting via 'nickname' vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via 'nickname' vulnerability discovered by mohamed hamadou ZoeniX in WordPress Plugin Zotpress versions <= 7.3.15...
like-girl Security Vulnerability
like-girl is a couple logging tool by the individual developer kiCode111 in China. A security vulnerability exists in like-girl version 5.2.0, which stems from SQL injection caused by improper handling of the parameter bz/ipdz in the file /admin/ipAddPost.php...
Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10 for Quarkus 3.20 update is now available (RHBQ 3.20.1.SP1)
An update for Red Hat Build of Apache Camel 4.10 for Quarkus 3.20 is now available (RHBQ 3.20.1.SP1). The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product...