59100 matches found
thunderbird: firefox: Some non-writable Object properties could be modified
A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...
PT-2025-46184
Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.7.13; Combodo iTop versions prior to 3.2.2. Description: Combodo iTop, a web-based IT service management tool, is susceptible to cross-site scripting when a dashboard is edited through an AJAX call. This allows fo...
Microsoft Edge (Chromium) < 142.0.3595.66 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 142.0.3595.66. It is, therefore, affected by multiple vulnerabilities as referenced in the November 6, 2025 advisory. - Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote...
MAL-2025-49459 Malicious code in elf-stats-storybook-cookiejar-880 (npm)
Source: amazon-inspector 41a568cb0be6c18f5ce4e4ab81bd7dfe0b1026ba19749c2fee13f5ba70a586b4 The package elf-stats-storybook-cookiejar-880 was found to contain malicious code...
CVE-2025-64187
OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups generated by the printer. An attacker who successfully...
OSV-2025-884 Heap-use-after-free in JS_DefineProperty
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=458199402 Crash type: Heap-use-after-free READ 8 Crash state: JS_DefineProperty build_backtrace JS_CallInternal...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2025:0423-1 Rating: important References: 1253089 Cross-References: CVE-2025-12725 CVE-2025-12726 CVE-2025-12727 CVE-2025-12728 CVE-2025-12729 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes ...
CVE-2025-10853
A reflected cross-site scripting (XSS) vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...
Fake 0-Day Exploit Emails Trick Crypto Users Into Running Malicious Code
Bolster AI reveals a new scam using a simple JS code via Emkei's Mailer to fake 37% profits and steal crypto. Act fast to secure your wallet...
SUSE CVE-2025-12727
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2025-63640
CVE-2025-63640 affects SourceCodester Medicine Reminder App v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in the Medicine Name and Notes (Optional) fields when creating an Upcoming Reminder. The root cause is improper input handling/filtration that allows injection of arbitrary HT...
OctoPrint Security Vulnerability
OctoPrint is an open source application from OctoPrint. It provides a fast web interface for controlling consumer 3D printers. A security vulnerability exists in OctoPrint 1.11.3 and prior versions that originated from allowing arbitrary HTML and JavaScript to be injected into Action Command...
PT-2025-45528
Name of the Vulnerable Software and Affected Versions: Open WebUI versions 0.6.224 and prior; Open WebUI versions 0.6.34 and prior; Open WebUI version 0.6.33 and prior. Description: Open WebUI, a self-hosted artificial intelligence platform, contains a code injection vulnerability within the Direct...
CVE-2025-12036
CVE-2025-12036 is an out-of-bounds memory access in V8 within Google Chrome, prior to version 141.0.7390.122. The issue allows a remote attacker to trigger memory access errors via a crafted HTML page. The vulnerability is rated High (CVSS 3.1: 8.8) with Network attack vector, no privileges requi...
CVE-2025-12036
Out of bounds memory access in V8 in Google Chrome prior to 141.0.7390.122 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...
CVE-2025-11219
Use after free in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: Low...
CVE-2025-11219
CVE-2025-11219 affects Google Chrome/Chromium: a use-after-free in V8 prior to 141.0.7390.54 allows potential out-of-bounds memory access via a crafted HTML page. The Chrome 141.0.7390.54 update (and related Debian/Alpine security advisories) fixes this issue. The CVSS v3.1 base score is 3.1 (Lo...