EUVD-2026-25272

@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid codeverifier values including one-character strings for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the...

CVE-2023-52912 drm/amdgpu: Fixed bug on error when unloading amdgpu

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed bug on error when unloading amdgpu Fixed bug on error when unloading amdgpu. The error message is as follows: 377.706202 kernel BUG at drivers/gpu/drm/drmbuddy.c:278! 377.706215 invalid opcode: 0000 1 PREEMPT SM...

Amazon Linux 2 : firefox (ALASFIREFOX-2023-005)

The version of firefox installed on the remote host is prior to 102.11.0-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-005 advisory. A double-free in libwebp could have led to memory corruption and a potentially exploitable crash. CVE-2023-1999 I...

CVE-2023-32211

A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...

Code injection

A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...

CVE-2023-32211

CVE-2023-32211 describes a type checking bug in Mozilla Firefox and Thunderbird that could lead to invalid code being compiled. The connected documents confirm the flaw affects Firefox versions prior to 113, Firefox ESR prior to 102.11, and Thunderbird prior to 102.11. Multiple security advisorie...

Mozilla: Content process crash due to invalid wasm code

The Mozilla Foundation Security Advisory describes this flaw as: A type checking bug would have led to invalid code being compiled...

AlmaLinux 9 : thunderbird (ALSA-2023:3150)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:3150 advisory. - In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofin...

Mozilla: Content process crash due to invalid wasm code

The Mozilla Foundation Security Advisory describes this flaw as: A type checking bug would have led to invalid code being compiled...

Mozilla: Content process crash due to invalid wasm code

The Mozilla Foundation Security Advisory describes this flaw as: A type checking bug would have led to invalid code being compiled...

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2023:2176-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2176-1 advisory. - In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential use...

CVE-2023-32211

The Mozilla Foundation Security Advisory describes this flaw as: A type checking bug would have led to invalid code being compiled...

CVE-2023-32211

A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...

UBUNTU-CVE-2023-32211

A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...

Mozilla Firefox ESR < 102.11

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 102.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-17 advisory. - Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian...

CVE-2020-12647

Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 60.0 before 60.0a.5 can emit invalid code sequences under rare circumstances related to syntax. The resulting code could, for example, trigger a system fault or adversely affect confidentiality, integrity, and availability...

XnConvert 1.82 - Denial of Service (PoC)

Exploit Title: XnConvert 1.82 - Denial of Service PoC Date: 2019-12-21 Vendor Homepage: https://www.xnview.com Software Link: https://www.xnview.com/en/apps/ Exploit Author: Gokkulraj TwinTech Solutions Tested Version: v1.82 Tested on: Windows 7 x64 1.- Download and install XnConvert 2.- Run pyth...

Non-Exploitable Security Issues

Invalid Code The following code was found in the XOOPS project. User input is saved in the variable $filter and then used in a call to eval - a security nightmare. image.php 301 302 303 $filter = isset$GETfilter ? $GETfilter : false; $destinationimage = imagecreatetruecolor$tnwidth, $tnheight;...

Microsoft Windows - nt!NtCreateThread Race Condition with Invalid Code Segment (MS10-047)

Microsoft Windows - nt!NtCreateThread Race Condition with Invalid Code Segment MS10-047 Microsoft Windows nt!NtCreateThread race condition with invalid code segment ---------------------------------------------------------------------------- CVE-2010-1888 Creating a new thread on windows involves...

MS Windows nt!NtCreateThread Race Condition Invalid Code (MS10-047)

Exploit for windows platform in category dos / poc =================================================================== MS Windows nt!NtCreateThread Race Condition Invalid Code MS10-047 =================================================================== Microsoft Windows nt!NtCreateThread race...