
4 matches found

Github Security Blog
added 2026/03/20 5:25 p.m. | 3 views

oRPC has Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify

A Stored Cross-Site Scripting (XSS) vulnerability exists in the OpenAPI documentation generation of orpc. If an attacker can control any field within the OpenAPI specification, such as info.description, they can break out of the JSON context and execute arbitrary JavaScript when a user views the...

CVSS 8.2 | AI score 6.1 | EPSS 0.00018
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2025/09/16 2:0 p.m. | 2 views

CLSA-2025-1758031199 httpd: Fix of 2 CVEs

- CVE-2024-47252: escape user-supplied data in mod_ssl to prevent untrusted SSL/TLS clients from inserting escape characters into log files
- CVE-2025-49812: remove support for TLS upgrade to prevent HTTP desynchronisation attack...

CVSS 7.5 | AI score 7.1 | EPSS 0.005
Exploits: 0 | References: 1
RubySec
added 2022/04/26 12:0 a.m. | 23 views

Possible XSS Vulnerability in Action View tag helpers

There is a possible XSS vulnerability in Action View tag helpers. Passing untrusted input as hash keys can lead to a possible XSS vulnerability. This vulnerability has been assigned the CVE identifier CVE-2022-27777. Versions Affected: ALL Not affected: NONE Fixed Versions: 7.0.2.4, 6.1.5.1,...

CVSS 6.1 | AI score 3.2 | EPSS 0.01409
Exploits: 1 | References: 1 | Affected Software: 1
Exploit DB
added 2009/07/13 12:0 a.m. | 47 views

Mozilla Firefox 3.5 - Font tags Remote Buffer Overflow

Firefox 3.5 Vulnerability Firefox 3.5 Heap Spray Vulnerability Author: SBerry aka Simon Berry-Byrne Thanks to HD Moore for the insight and Metasploit for the payload Loremipsumdoloregkuw Loremipsumdoloregkuwiert Loremikdkw / Calc.exe / var shellcode =...

AI score 7.4
Exploits: 0