4510 matches found
webkitgtk: use-after-free in WebCore::Frame::page
A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash...
MediaWiki Security Breach
MediaWiki is a set of free and freely available web-based Wiki engines from the American Wikimedia Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki has a security vulnerability that stems from vulnerability to HTML...
Nokia Single RAN security vulnerability
Nokia Single RAN is a wireless network technology from Nokia, Finland. A security vulnerability exists in Nokia Single RAN 23R2-SR prior to version 1.0 MP, which stems from a failure to restrict specific HTTP POST requests sent over the MNO internal RAN management network, which could lead to...
jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability
A flaw was found in Eclipse Jetty. This vulnerability allows a denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter...
VulnCheck KEV: CVE-2025-6554
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...
CVE-2025-6442
Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The...
SUSE CVE-2025-6442
Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The...
CVE-2025-6434
The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability was fixed in Firefox 140 and Thunderbird 1...
Google Chrome security vulnerability
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from insufficient DevTools data validation, which can be exploited by an attacker to execute arbitrary code via a crafted HTML page...
HTACG HTML Tidy security vulnerability
HTACG HTML Tidy is an open source HTML tool from HTML Tidy Advocacy Community Group. A security vulnerability exists in HTACG HTML Tidy version 5.8.0 due to a memory leak in the defaultAlloc function in the src/alloc.c file...
The vulnerability of the SAP Field Logistics module of the SAP S/4HANA software platform allows a perpetrator to compromise data integrity.
The vulnerability of the SAP Field Logistics module of the SAP S/4HANA software platform is related to errors in handling HTTP requests. Exploiting this vulnerability allows a malicious actor to compromise data integrity from a remote location...
Robot Context Protocol (RCP): a Runtime-Agnostic Interface for Agent-Aware Robot Control
The Robot Context Protocol RCP is a lightweight, middleware-agnostic communication protocol designed to simplify the complexity of robotic systems and enable seamless interaction between robots, users, and autonomous agents. RCP provides a unified and semantically meaningful interface that...
OESA-2025-1650 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium securi...
libsoup: Out of bounds reads in soup_headers_parse_request()
A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bounds read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server...
Miliaris Amigdala cross-site scripting vulnerability
Miliaris Amigdala is an application from the Italian company Miliaris. A cross-site scripting vulnerability exists in Miliaris Amigdala version v2.2.6, which stems from cross-site scripting in the Data Resource Management function that could lead to the execution of arbitrary HTML...
Astra Linux – Vulnerability in PHP 8.2
In PHP versions starting from 8.1. up to 8.1.32, and from 8.2. up to 8.2.28, as well as in versions starting from 8.3. up to 8.3.19, and from 8.4. up to 8.4.5, when the HTTP request module parses HTTP responses received from servers, folded headers are parsed incorrectly. This may lead to...
UBUNTU-CVE-2025-4278
An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions, HTML injection in the new search page could lead to account takeover...
Citizen cross-site scripting vulnerability
Citizen is a beautiful, easy-to-use and responsive MediaWiki skin from the Star Citizen Wiki team. A cross-site scripting vulnerability exists in versions prior to Citizen 3.3.1, which stems from the insertion of raw HTML in CommandPaletteFooter, and could lead to arbitrary HTML injection...
UBUNTU-CVE-2025-5986
A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to...
The vulnerability of the Chatbot component of Oracle Financial Services’ Revenue Management and Billing system allows a hacker to gain unauthorized access to read, add, modify, or delete data.
The vulnerability of the Chatbot component of Oracle Financial Services’ Revenue Management and Billing system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to read, add, modify, or delete...