17 matches found
PT-2026-43533
The WP AutoBuzz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web script...
ApostropheCMS security vulnerability
ApostropheCMS is an open-source, full-stack content management system by Apostrophe Technologies. Version 4.28.0 of ApostropheCMS has a security vulnerability. This vulnerability stems from the sanitize-html package's ability to bypass the allowedTags enforcement mechanism, potentially leading to...
Cross-site Scripting (XSS)
Overview: org.webjars.npm:pannellum is a lightweight, free, and open source panorama viewer for the web. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attributes configuration property in hot spots. An attacker can execute arbitrary JavaScript code by supplyi...
MiracleLinux 9 : firefox-140.5.0-1.el9_7.ML.1 (AXSA:2025-11515:36)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11515:36 advisory. firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefo...
RHEL 8 : firefox (RHSA-2025:22363)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22363 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
RLSA-2025:21881 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefox: Incorrect boundary conditions in the JavaScript: WebAssembly compone...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefox: Incorrect boundary...
firefox -- Use-after-free
https://bugzilla.mozilla.org/show_bug.cgi?id=1995686 reports: Use-after-free in the WebRTC: Audio/Video component. Same-origin policy bypass in the DOM: Workers component. Mitigation bypass in the DOM: Security component. Same-origin policy bypass in the DOM: Notifications component. Incorrect...
Linux Distros Unpatched Vulnerability : CVE-2025-10201
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via...
Linux Distros Unpatched Vulnerability : CVE-2018-6074
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML...
PT-2022-21448 · Unknown · Lansweeper
Name of the Vulnerable Software and Affected Versions: Lansweeper version 10.1.1.0. Description: A cross-site scripting (XSS) sanitization bypass vulnerability exists in the SanitizeHtml functionality. This allows an attacker to send a specially-crafted HTTP request, leading to arbitrary JavaScript...
UBUNTU-CVE-2021-39201
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Impact: The issue allows an authenticated but low-privileged user, like a contributor or author, to execute XSS in the editor. This bypasses the restrictions imposed on users who do n...
Design/Logic Flaw
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page...
CVE-2020-13321
A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed, allowing HTML tags to be added...