37 matches found
JLSEC-2026-38
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...
CVE-2025-68467
Dark Reader is an accessibility browser extension that makes web pages colors dark. The dynamic dark mode feature of the extension works by analyzing the colors of web pages found in CSS style sheet files. In order to analyze cross-origin style sheets stored on websites different from the origina...
EUVD-2022-33234
Malicious code in bioql PyPI...
CVE-2025-59532
Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This log...
PT-2025-28206 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: Mediawiki - FlaggedRevs Extension versions 1.43.X through 1.43.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-Site Scripting (XSS). This allows for Cross-Site Scripting XS...
CVE-2025-31480
CVE-2025-31480 affects the aiven-extras PostgreSQL extension. The root cause is the format function not being schema-prefixed, enabling privilege escalation to superuser in PostgreSQL databases that have aiven-extras installed. Remediation per the sources is to upgrade to version 1.1.16 and, ...
GHSA-HJ78-P4H7-M5FV TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc)
Problem Description: A vulnerability in the account linking logic of the extension allows a pre-hijacking attack leading to Account Takeover. The attack can only be exploited if the following requirements are met: an attacker can anticipate the email address of the user; an attacker can regist...
TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc)
Problem Description: A vulnerability in the account linking logic of the extension allows a pre-hijacking attack leading to Account Takeover. The attack can only be exploited if the following requirements are met: an attacker can anticipate the email address of the user; an attacker can regist...
PT-2023-20274 · Veracode · Veracode Azure Devops Extension +2
Name of the Vulnerable Software and Affected Versions: Veracode Scan Jenkins Plugin versions prior to 23.3.19.0 Veracode Azure DevOps Extension versions prior to 3.20.0 Description: A credential-leak issue was discovered in related Veracode products. The Veracode Scan Jenkins Plugin, when...
DEBIAN-CVE-2022-22754
If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91.6...
CVE-2022-22754
If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91.6...
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.
...
AZL-10595 CVE-2022-2625 affecting package postgresql for versions less than 14.5-1
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...
CVE-2022-35976
The GitOps Tools Extension for VSCode relies on kubeconfigs in order to communicate with Kubernetes clusters. A specially crafted kubeconfig leads to arbitrary code execution on behalf of the user running VSCode. Users relying on kubeconfigs that are generated or altered by other processes or use...
CVE-2022-35976 Improper KubeConfig handling allows arbitrary code execution
The GitOps Tools Extension for VSCode relies on kubeconfigs in order to communicate with Kubernetes clusters. A specially crafted kubeconfig leads to arbitrary code execution on behalf of the user running VSCode. Users relying on kubeconfigs that are generated or altered by other processes or use...
CVE-2022-35975 Improper object validation allows for arbitrary code execution in GitOps Tools Extension for VSCode
The GitOps Tools Extension for VSCode can make it easier to manage Flux objects. A specially crafted Flux object may allow for remote code execution in the machine running the extension, in the context of the user that is running VSCode. Users using the VSCode extension to manage clusters that ar...
USN-5345-1 thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, obtain sensitive information, cause undefined...
Mozilla: Extensions could have bypassed permission confirmation during update
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: If a user installed a particular type of extension, the extension could have auto-updated itself, and while doing so may have bypassed the prompt which grants the new version the new requested permission...