CVE-2026-8878

Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 hashes that are inadequately obfuscated using a simple Caesar cipher, which can be easily reversed to recover...

CVE-2026-8876 CVE-2026-8876

Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data...

CVE-2026-8874 CVE-2026-8874

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS...

CVE-2023-31290

Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023. This occurs because the mt19937 Mersenne Twister takes a single 32-bit value as an input...

PT-2026-1964

Name of the Vulnerable Software and Affected Versions MediaWiki - VisualData Extension version 1.45 Description An inefficient regular expression complexity issue exists in the MediaWiki - VisualData Extension. This allows for a Regular Expression Exponential Blowup, potentially leading to a deni...

CVE-2025-8751

A vulnerability was found in Protected Total WebShield Extension up to 3.2.0 on Chrome. It has been classified as problematic. This affects an unknown part of the component Block Page. The manipulation of the argument Category leads to cross site scripting. It is possible to initiate the attack...

CVE-2025-8751

CVE-2025-8751 affects Protected Total WebShield Extension up to version 3.2.0 (Chrome), specifically the Block Page component. The issue arises from manipulation of the Category parameter, which can trigger a cross-site scripting (XSS) vulnerability. The attack can be initiated remotely, but the ...

CVE-2025-8217

The Amazon Q Developer Visual Studio Code VS Code extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making ...

CVE-2025-8217

The Amazon Q Developer Visual Studio Code VS Code extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making ...

Someone Hijacked MEGA Chrome Extension to Steal Users' Passwords

Warning! If you are using Chrome browser extension from the MEGA file storage service, uninstall it right now. The official Chrome extension for the MEGA.nz cloud storage service had been compromised and replaced with a malicious version that can steal users' credentials for popular websites like...

Piwigo Plugin User Tag 0.9.0 - Cross-Site Scripting

Exploit Title: Piwigo plugin User Tag , Persistent XSS Date: 10 Aug, 2017 Extension Version: 0.9.0 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=441 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh22 Website:...

Piwigo Plugin User Tag 0.9.0 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Piwigo plugin User Tag , Persistent XSS Date: 10 Aug, 2017 Extension Version: 0.9.0 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=441 Exploit Author: Touhid M.Shai...

[20091103] - Core - XML File Read Issue

It is possible to read the contents of an extension's XML file and find the version number of the installed extension. This could allow people to exploit a known security flaws for a specific version of an extension...

Java Cryptography Extension 1.2.1 (JCE 1.2.1) will no longer function properly after July 28, 2005 due to the expiration of its digital certificate

Overview The digital certificate that was used to sign jar files in the Java Cryptography Extension JCE 1.2.1 expires on July 28, 2005. JCE 1.2.1 limits program behaviors after the expiration of the digital certificate. As a result, specific methods of JCE 1.2.1 will no longer work properly after...