50 matches found
CVE-2026-34757
CVE-2026-34757 affects libpng versions from 1.0.9 up to, but not including, 1.6.57. The vulnerability arises when a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST is passed back into the corresponding setter on the same png_struct/png_info pair, causing the setter to read from freed memory and copy it ...
Access Control Bypass
Overview: FormCMS is an open-source Content Management System designed to simplify and accelerate web development workflows for CMS projects and general web applications. It streamlines data modeling, backend development, and frontend design, making them as intuitive as filling out a...
FormCMS Security Vulnerability
FormCMS is a page designer for formcms individual developers. FormCMS version 0.5.4 has a security vulnerability caused by improper access control on the /api/schemas/history/schemaId endpoint, which could allow unauthenticated attackers to access historical schema data...
CVE-2025-59956
The CVE-2025-59956 entry concerns AgentAPI (GitHub project for Claude Code, Goose, Aider, Gemini, Amp, Codex). Affected: 0.3.3 and earlier, when served over plain HTTP on localhost, enabling a client-side DNS rebinding attack that can access the /messages endpoint and exfiltrate local data (messa...
Linux Distros Unpatched Vulnerability : CVE-2011-2845
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vector...
Linux Distros Unpatched Vulnerability : CVE-2020-29623
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Clear History and Website Data did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Securi...
CVE-2024-12617
The WC Price History for Omnibus plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view and...
Malicious code in markets-history-data (npm)
Source: ghsa-malware (8cb43cd274b13e9601b8d4fa5c53f260feb6f9a2d4fde9e60c555c520153bd6a). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-205 Malicious code in markets-history-data (npm)
Source: ghsa-malware (8cb43cd274b13e9601b8d4fa5c53f260feb6f9a2d4fde9e60c555c520153bd6a). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2012-3992
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via...
SUSE CVE-2015-5825
WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code...
CVE-2022-29952
Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. It utilizes the TDI command and data protocols (60005/TCP, 60007/TCP) for communications between the monitoring controller and System 1 and/or Bently Nevada Monitor Configuration (BNMC) software. These protocol...
Trend Micro Apex One Security Vulnerability
Trend Micro OfficeScan XG is a suite of distributed anti-virus software. Trend Micro Apex One is a suite of endpoint security software that provides automated threat detection and response. Trend Micro Worry-Free Business Security is a suite of enterprise-class information security protection...
UBUNTU-CVE-2020-29623
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete...
Unspecified Vulnerability in Apple macOS Catalina WebKit Component
Apple macOS Catalina is a proprietary operating system developed by Apple for Mac computers. WebKit is one of the components of the Web browser engine. A security vulnerability exists in the WebKit component in Apple macOS Catalina versions prior to 10.15, which stems from the 'Clear History and...
USN-3991-3: Firefox regression
USN-3991-1 fixed vulnerabilities in Firefox, and USN-3991-2 fixed a subsequent regression. The update caused an additional regression that resulted in Firefox failing to load correctly after executing it in safe mode. This update fixes the problem. We apologize for the inconvenience. Original...
CentOS 7 : thunderbird (CESA-2019:1309)
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...
thunderbird security update
CentOS Errata and Security Advisory CESA-2019:1310. An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Updated firefox packages fix security vulnerabilities
Updated firefox packages fix security vulnerabilities. Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511). Out-of-bounds read in Skia (CVE-2019-5798). Use-after-free in png_image_free of libpng library (CVE-2019-7317). Cross-origin theft of images with createImageBitmap...