CVE-2025-55030
Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks. This vulnerability affects Firefox for iOS 142...
CVE-2025-55032
Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks. This vulnerability affects Focus for iOS 142...
CVE-2025-55032 Focus incorrectly ignores Content-Disposition headers for some MIME types
Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks. This vulnerability was fixed in Focus for iOS 142...
CVE-2025-55032
Mozilla Focus for iOS contains a vulnerability where Content-Disposition headers of type Attachment are not respected, causing content to display inline and enabling cross-site scripting (XSS) for Focus for iOS versions prior to 142. Multiple connected sources corroborate this issue and point to ...
CVE-2025-55030 Content-Disposition headers incorrectly ignored for some MIME types
Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks. This vulnerability was fixed in Firefox for iOS 142...
CVE-2025-55030
CVE-2025-55030 concerns Firefox for iOS where a mis-handling of the Content-Disposition header (Attachment) allows inline content display and potential XSS. Affected: Firefox for iOS versions prior to 142. Root cause: improper handling of the Content-Disposition header for certain MIME types. Imp...
Security Vulnerabilities fixed in Firefox for iOS 142 — Mozilla
Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks. Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some...
PT-2025-33826 · Mozilla · Firefox For Ios
Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 142. Description: Firefox for iOS did not correctly handle the Content-Disposition header of type Attachment, resulting in content being displayed inline instead of being downloaded. This behavior could...
BIT-SUPERSET-2025-55674 Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions
A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leadi...
CVE-2025-55674
A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leadi...
Linux Distros Unpatched Vulnerability : CVE-2022-50082
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext4: fix warning in ext4_iomap_begin as race between bmap and write. We got issue as follows: ------------ cut here ------------ WARNING: CPU: 3 PID: 9310 at...
Linux Distros Unpatched Vulnerability : CVE-2025-21874
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: dm-integrity: Avoid divide by zero in table status in Inline mode. In Inline mode, the journa...
Linux Distros Unpatched Vulnerability : CVE-2018-13099
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service out-of-bounds memory access and BUG can occur for a modified...
Linux Distros Unpatched Vulnerability : CVE-2025-38222
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext4: inline: fix len overflow in ext4_prepare_inline_data. When running the following code on an ext4 filesystem with inline_data feature enabled, it will lead to...
Malicious code in volcano-fjord-inl525-project (npm)
The package volcano-fjord-inl525-project was found to contain malicious code...
MAL-2025-29546 Malicious code in postcss-url-inline-base64 (npm)
The package postcss-url-inline-base64 was found to contain malicious code...
Malicious code in postcss-url-inline-base64 (npm)
The package postcss-url-inline-base64 was found to contain malicious code...
Malicious code in handlebars-inline-precompile (npm)
The package handlebars-inline-precompile was found to contain malicious code...