17049 matches found
PT-2025-49798
Name of the Vulnerable Software and Affected Versions Static Web Server versions 2.40.0 and below Description Static Web Server SWS is a web server designed for static web files. Versions 2.40.0 and below do not adequately prevent symbolic links symlinks from being used to access files and...
Mozilla Firefox ESR < 140.6
The version of Firefox ESR installed on the remote Windows host is prior to 140.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-94 advisory. - Privilege escalation in the Netmonitor component. This vulnerability affects Firefox 146 and Firefox ESR 140.6...
Mozilla -- Sandbox escape
https://bugzilla.mozilla.org/showbug.cgi?id=1996473 reports: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component...
Linux Distros Unpatched Vulnerability : CVE-2025-14322
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31,...
CVE-2025-65082
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...
Static Web Server vulnerable to a symbolic link path traversal
Summary Symbolic links symlinks could be used to access files or directories outside the intended web root folder. Details SWS generally does not prevent symlinks from escaping the web server’s root directory. Therefore, if a malicious actor gains access to the web server’s root directory, they...
CVE-2025-13632
Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: High...
Google Chrome Improperly Implemented Vulnerability
Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from a mal-implementation vulnerability that stems from a DevTools mal-implementation, which can be exploited by an attacker to sandbox escape by convincing a user to install a malicious extension, possibly using a...
Medium: python-ldap
Issue Overview: python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue...
Amazon Linux 2 : glib2, --advisory ALAS2-2025-3094 (ALAS-2025-3094)
The version of glib2 installed on the remote host is prior to 2.56.1-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3094 advisory. A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the gescapeuristring...
Amazon Linux 2 : python-ldap, --advisory ALAS2-2025-3083 (ALAS-2025-3083)
The version of python-ldap installed on the remote host is prior to 2.4.15-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3083 advisory. python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitizatio...
Exploit for CVE-2024-28397
CVE-2024-28397 Exploit Automation A Python automation script...
SUSE CVE-2025-65082
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...
EUVD-2025-201404
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...
ALPINE-CVE-2025-65082
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...
CVE-2025-65082
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...
CVE-2025-65082
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...
AlmaLinux 10 : buildah (ALSA-2025:22012)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:22012 advisory. runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects CVE-2025-52881 golang: archive/tar: Unbounded...
Microsoft Edge (Chromium) < 143.0.3650.66 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 143.0.3650.66. It is, therefore, affected by multiple vulnerabilities as referenced in the December 4, 2025 advisory. - Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote...
📄 Visual Studio 1.39.0 Remote Debugger
Visual Studio versions 1.30.0 through 1.39.0 had a remote debugger enabled by default that could cause multiple security issues. Code included to scan for any listeners...