576 matches found
ROS-20250505-04
The vulnerability of the Zabbix universal monitoring system is related to insufficient cleansing of user data passed via the "groupBy" parameter in include/classes/api/CApiService.php. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary SQL queries in the database...
CVE-2025-4051
Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...
CVE-2025-4051
Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...
CVE-2025-4051
Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...
CVE-2025-4051
CVE-2025-4051 involves insufficient data validation in DevTools of Google Chrome/Chromium, allowing a remote attacker to bypass discretionary access control when a user is persuaded to perform specific UI gestures on a crafted HTML page. The vulnerability affects Chrome before version 136.0.7103....
Fedora 40 : chromium (2025-b1804b97fc)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b1804b97fc advisory. Update to 136.0.7103.59 CVE-2025-4096: Heap buffer overflow in HTML CVE-2025-4050: Out of bounds memory access in DevTools CVE-2025-4051: Insufficie...
Chromium: CVE-2025-4052 Inappropriate implementation in DevTools
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
The vulnerability of the virtual learning environment Moodle, related to insufficient protection of operational data, allows a hacker to disclose protected information.
The vulnerability in the virtual learning environment Moodle is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information...
Google Chrome < 136.0.7103.48 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 136.0.7103.48. It is, therefore, affected by multiple vulnerabilities as referenced in the 202504stable-channel-update-for-desktop29 advisory. - Inappropriate implementation in DevTools in Google Chrome prior to...
The vulnerability of the Jenkins automation server, related to insufficient protection of service data, allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the Jenkins automation server is related to insufficient protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
Apple iOS和Apple iPadOS 安全漏洞
Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS and Apple iPadOS that stems from insufficient cleaning of sensitive...
Linux Distros Unpatched Vulnerability : CVE-2024-7977
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a...
Linux Distros Unpatched Vulnerability : CVE-2025-0443
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI...
Linux Distros Unpatched Vulnerability : CVE-2020-16015
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in WASM in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...
Linux Distros Unpatched Vulnerability : CVE-2020-16030
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HT...
Linux Distros Unpatched Vulnerability : CVE-2020-16032
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in sharing in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a...
The vulnerability of Zoom’s video conferencing software lies in the insufficient protection of sensitive data, allowing attackers to gain unauthorized access to protected information.
The vulnerability of Zoom video conferencing software is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...
CVE-2025-1108 Insufficient data authenticity vulnerability in Janto
Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploit the vulnerability, the attacker must create a POST request by injecting malicious content into...
ROS-20250203-06
A vulnerability in the LibreOffice office suite is related to insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker to disclose confidential information LibreOffice office suite vulnerability is related to incorrect path name restriction to a...