2855 matches found
firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to use-after-free in the Disability Access APIs component...
CVE-2026-35569
CVE-2026-35569 affects ApostropheCMS <= 4.28.0. A stored XSS in SEO fields (SEO Title and Meta Description) allows injecting JavaScript via improper output encoding into HTML contexts such as , attributes, and JSON-LD. This can enable an authenticated user to execute arbitrary JS in the admin...
firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to use-after-free in the Disability Access APIs component...
firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to use-after-free in the Disability Access APIs component...
SUSE SLES15 Security Update : kernel (Live Patch 19 for SUSE Linux Enterprise 15 SP6) (SUSE-SU-2026:1274-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1274-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.84 fixes various security issues The following security issues were fixed: -...
firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to use-after-free in the Disability Access APIs component...
firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to use-after-free in the Disability Access APIs component...
firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to use-after-free in the Disability Access APIs component...
firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to use-after-free in the Disability Access APIs component...
CVE-2025-70365
A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...
Exploit for Missing Authentication for Critical Function in Mcpjam Inspector
exploit-CVE-2026-23744 MCPJam Inspector is a local-first devel...
EUVD-2026-21216
When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...
GHSA-M758-WJHJ-P3JQ Wasmtime has a possible panic when lifting `flags` component value
Impact Wasmtime contains a possible panic which can happen when a flags-typed component model value is lifted with the Val type. If bits are set outside of the set of flags the component model specifies that these bits should be ignored but Wasmtime will panic when this value is lifted. This pani...
CVE-2026-34943 Wasmtime panics when lifting `flags` component value
Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a possible panic which can happen when a flags-typed component model value is lifted with the Val type. If bits are set outside of the set of flags the component model specifies that these bits...
EUVD-2025-209388
A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...
CVE-2025-70365
A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...
PT-2026-31638
A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...
CVE-2025-70365
Kiamo has a stored XSS vulnerability in versions before 8.4 due to improper output encoding of user input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript that executes in other users’ browsers. The CVE record notes a prior fix for the 8.3.1 branc...
CVE-2025-70365
A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...
CVE-2026-39892
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers e.g. Hash.update, this could lead to buffer overflows. This vulnerability is fixed in...