firefox: thunderbird: Incorrect boundary conditions in the JavaScript: WebAssembly component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the JavaScript: WebAssembly component...
Google Chrome Race Condition Vulnerability
Google Chrome is a web browser developed by Google Inc. to provide users with a fast, secure and customizable web browsing experience. Google Chrome suffers from a race condition vulnerability that stems from the presence of a race condition in V8, which can be exploited by an...
RHEL 8 : thunderbird (RHSA-2025:22791)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22791 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Mitigation bypass in the DOM: Security component...
CVE-2025-13308
The Application Passwords plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'rejecturl' parameter in all versions up to, and including, 0.1.3. This is due to insufficient input sanitization and output escaping on user supplied URLs, which allows javascript: URI schemes ...
CVE-2025-13528
The Feedback Modal for Website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handleexport' function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to export all feedback data in CSV or...
@adeunis/codecs (>=1.3.0 <=1.4.0), @andrewcturing/todoist (=0.0.1) +53 more potentially affected by CVE-2026-9673 via json-2-csv (>=3.20.0 <=5.5.1)
json-2-csv NPM version =3.20.0, =1.3.0, =1.8.0, =5.0.2, =0.0.1, =0.2.3, =0.1.0, =0.1.0, =0.5.1, =1.0.2, =1.3.1, =3.0.7, =1.0.5, =3.0.9-beta.0 and more Source cves: CVE-2026-9673 Source advisory: SNYK:JS-JSON2CSV-14221326...
PT-2025-49339
The Application Passwords plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'reject url' parameter in all versions up to, and including, 0.1.3. This is due to insufficient input sanitization and output escaping on user supplied URLs, which allows javascript: URI schemes...
CVE-2025-66561
SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This...
EUVD-2025-201459
TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution (RCE) vulnerability exists in Tuui due to an unsafe Cross-Site Scripting (XSS) flaw in the Markdown rendering component. Tuui allows the execution of arbitrary JavaScript with...
Exploit for CVE-2025-55182
CVE-2025-55182 – React2Shell RCE Summary Remote Code Exec...
Exploit for CVE-2025-55182
Verification shell nuclei -l urls...
PT-2025-49303
TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution (RCE) vulnerability exists in Tuui due to an unsafe Cross-Site Scripting (XSS) flaw in the Markdown rendering component. Tuui allows the execution of arbitrary JavaScript with...
AlmaLinux 8 : firefox (ALSA-2025:22363)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:22363 advisory. firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefox:...
openSUSE 16 Security Update : mozjs128 (openSUSE-SU-2025-20135-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025-20135-1 advisory. - Update to version 128.14.0 bsc1248162: - CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component - CVE-2025-918...
CVE-2025-66563
Monkeytype is a minimalistic and customizable typing test. In 25.49.0 and earlier, there is improper handling of user input which allows an attacker to execute malicious JavaScript on anyone viewing a malicious quote submission. quote.text and quote.source are user input, and they're inserted...
CVE-2025-66563 Monkeytype vulnerable to stored XSS in approve quotes page
Monkeytype is a minimalistic and customizable typing test. In 25.49.0 and earlier, there is improper handling of user input which allows an attacker to execute malicious JavaScript on anyone viewing a malicious quote submission. quote.text and quote.source are user input, and they're inserted...
CVE-2025-66563
Monkeytype (versions prior to 25.49.0) is affected by a stored XSS due to improper handling of user input in quote.text and quote.source, which are inserted into the DOM and rendered if HTML tags are present. The vulnerability can allow an attacker to execute JavaScript for users viewing a malici...
CVE-2025-66561 SysReptor Vulnerable to an Authenticated Stored Cross-Site Scripting (XSS)
SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This...