EUVD-2026-24603

The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML documents, which may result in a XSS-like effect...

EUVD-2026-5000

HotCRP is conference review software. HotCRP versions from October 2025 through January 2026 delivered documents of all types with inline Content-Disposition, causing them to be rendered in the user’s browser rather than downloaded. The intended behavior was for only text/plain, application/pdf,...

CVE-2025-10859

CVE-2025-10859 affects Mozilla Firefox for iOS (pre-143.1). The issue is an information disclosure caused by cookie storage for non-HTML temporary documents being shared with normal browsing content, allowing data from private/incognito tabs to be exposed even after all tabs are closed. Impact de...

Mozilla Firefox Information Disclosure Vulnerability (CNVD-2015-07430)

Mozilla Firefox is an open source web browser. A security vulnerability exists in the Mozilla Firefox Search feature, which allows attackers to read log files and access file: URLs of HTML documents...