18 matches found
Elastic Kibana Security Vulnerability
Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from improper input handling. This vulnerability may allow users with write permissions for Elasticsearch indexes to persistently store...
MAL-2026-3228 Malicious code in ziugxfbvo (PyPI)
Source: kam193 257409f82e56689d4cd8ebe7ac8ae8e09203ecbd7eab311970e4bdeb7be92b05 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
EUVD-2016-7738
Malware in sbrugna...
EUVD-2016-7728
Malware in sbrugna...
CVE-2023-26446
The user's clientID at "application passwords" was not sanitized or escaped before being added to DOM. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker woul...
CVE-2025-4316
Improper access control in PAM feature in Devolutions Server allows a PAM user to self approve their PAM requests even if disallowed by the configured policy via specific user interface actions. This issue affects Devolutions Server versions from 2025.1.3.0 through 2025.1.6.0, and all versions up...
A vulnerability in the Navigation component of the Google Chrome browser, related to insufficient policy enforcement, allows attackers to escalate their privileges.
A vulnerability in the Navigation component of the Google Chrome browser is related to insufficient policy enforcement. Exploiting this vulnerability allows a remote attacker to escalate their privileges through a series of actions on the user interface...
SUSE CVE-2022-3049
Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page...
UBUNTU-CVE-2023-0703
Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. Chromium security severity: Medium...
Google Chrome Buffer Error Vulnerability
Google Chrome is a web browser from Google, an American company. A buffer overflow vulnerability exists in versions of Google Chrome prior to 105.0.5195.52, which originates from a boundary error when handling untrusted input in the WebUI. An attacker can exploit the vulnerability to trick a user...
DEBIAN-CVE-2022-1640
Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page...
A vulnerability in the resource access interface of the Cisco BroadWorks Application Server's XSI-Actions server allows an attacker to gain unauthorized access to protected information.
A vulnerability in the resource access interface of the Cisco BroadWorks Application Server's XSI-Actions server is related to deficiencies in data protection. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
UBUNTU-CVE-2020-6480
Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61 allowed a local attacker to bypass navigation restrictions via UI actions...
CVE-2018-1999029
A cross-site scripting vulnerability exists in Jenkins Shelve Project Plugin 1.5 and earlier in ShelveProjectAction/index.jelly, ShelvedProjectsAction/index.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that...
Design/Logic Flaw
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output an unsanitized representation of the content. Malicious script code can...
foreman: API and UI actions/URLs not limited to the orgs/locations assigned
It was found that the foreman API and UI actions and URLs are not properly limited to the organizations and locations they were assigned to. This could allow an attacker to view and update other organizations and locations in the system that they should not be allowed to...
Debian Security Advisory DSA 3238-1 (chromium-browser - security update)
Several vulnerabilities were discovered in the chromium web browser. CVE-2015-1235 A Same Origin Policy bypass issue was discovered in the HTML parser. CVE-2015-1236 Amitay Dobo discovered a Same Origin Policy bypass in the Web Audio API. CVE-2015-1237 Khalil Zhani discovered a use-after-free iss...
DSA-3238-1 chromium-browser - security update
Bulletin has no description...