firefox -- multiple vulnerabilities
[email protected] reports: An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. When Multi-Account Containers was enabled, DNS requests could have bypass...
Mozilla Firefox ESR < 128.12
The version of Firefox ESR installed on the remote Windows host is prior to 128.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-53 advisory. - The executable file warning did not warn users before opening files with the terminal extension. This bug only...
Security Vulnerabilities fixed in Firefox 140 — Mozilla
A use-after-free in FontFaceSet resulted in a potentially exploitable crash. An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. Th...
PT-2025-26732
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Description: The issue arises when a user saves a response from the Network tab in Devtools using the Save As context menu option. In this scenario, the saved file may not have the .download file extension,...
CVE-2025-49144
Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social...
CVE-2025-49144 Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path
Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social...
CVE-2025-49144
CVE-2025-49144 affects Notepad++ installers prior to 8.8.2 (notably v8.8.1). Root cause: insecure executable search paths allow a local attacker to execute a malicious binary (e.g., regsvr32.exe) placed in the same directory as the installer (commonly Downloads), yielding SYSTEM-level privileges ...
CVE-2025-6512
CVE-2025-6512 affects BRAIN2 (PT-Security entry PT-2025-26595) with BRAIN2 versions 0.0–3.05 vulnerable to code injected via report scripts by non-admin users. The script in a report can be executed on the BRAIN2 server with administrator rights, enabling potential code injection. Root cause: imp...
CVE-2025-6512 Scripts within reports executable on BRAIN2 Server
On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights...
CVE-2025-52969
...
Security update for nodejs20
This update for nodejs20 fixes the following issues: Update to 20.19.2: CVE-2025-23166: improper error handling in async cryptographic operations crashes process bsc1243218. CVE-2025-23167: improper HTTP header block termination in llhttp bsc1243220. CVE-2025-23165: add missing call to...
Global Microprocessor Correctness in the Presence of Transient Execution
Correctness for microprocessors is generally understood to be conformance with the associated instruction set architecture (ISA). This is the basis for one of the most important abstractions in computer science, allowing hardware designers to develop highly-optimized processors that are functionall...
Exploit for CVE-2025-52969
ClickHouse Executable Table Abuse by Low Privilege User...
Malicious code in bulktweetplus (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3f66a670d67e37fec4746d5aaf53be9e2f5267c68b667f1becdb55f8d75ce70a Using the function simulates some behavior, but then downloads and runs an Infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Malicious code in bulktweetbyref (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b6e44fa722cba73a0757878305b8641ff0539e6c32ffff20b9484ce39ce6a1aa Using the function simulates some behavior, but then downloads and runs an Infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Untrusted Search Path
Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Untrusted Search Path via the icacls.exe call during Windows installation, when a full path is not specified. An attacker can execut...
[SECURITY] Fedora 41 Update: python3.11-3.11.13-1.fc41
Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable:...
CVE-2025-4275
A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may execute arbitrary signed UEFI code and bypass Secure Boot...
Medium: cuda-command-line-tools-12-9
Issue Overview: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this...