350 matches found
EUVD-2022-3615
Malicious code in bioql PyPI...
appRain CMF cross-site scripting vulnerability (CNVD-2025-21120)
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/addons/update/dialogs endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...
CVE-2025-41055
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/dialogs...
Brave Desktop 1.82.161 Security Fixes
- Disabled "navigator.share" in Tor windows on macOS as reported on HackerOne by cinzinga.
- Treat ".onion" hostnames as secure for insecure form warnings and autofill as reported on HackerOne by newfunction.
- Prevent tab modal dialogs being shown from inactive split tab as reported on HackerOne...
PT-2025-35926
Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5. Description: A stored authenticated cross-site scripting (XSS) issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...
Linux Distros Unpatched Vulnerability : CVE-2021-26271
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific...
Linux Distros Unpatched Vulnerability : CVE-2020-15677
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original si...
Linux Distros Unpatched Vulnerability : CVE-2017-15394
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs...
CVE-2021-20071
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the sms.php dialogs...
CVE-2021-20070
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the virtualization.php dialogs...
CVE-2021-29438
The Nextcloud dialogs library npm package @nextcloud/dialogs before 3.1.2 insufficiently escaped text input passed to a toast. If your application displays toasts with user-supplied input, this could lead to an XSS vulnerability. The vulnerability has been patched in version 3.1.2. If you need to...
CVE-2025-4086
A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected. This vulnerability affects Firefox 138 and...
NuGet Package 'Microsoft.Bot.Builder.Dialogs' Detection
The remote host has a 'Microsoft.Bot.Builder.Dialogs' with a Verified NuGet package status and is installed on the remote host. Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Rocky Linux 8 : thunderbird (RLSA-2024:0609)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:0609 advisory. - An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affect...
Fedora 39 : thunderbird (2024-c8c2a52fb8)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c8c2a52fb8 advisory. Update to 115.7.0 https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/ https://www.thunderbird.net/en-US/thunderbird/115.7.0/releasenotes/...
Mozilla: Failure to update user input timestamp
The Mozilla Foundation Security Advisory describes this flaw as: It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load...