36 matches found
EUVD-2026-10896
SiYuan has a SVG Sanitizer Bypass via Whitespace in javascript: URI — Unauthenticated XSS...
KLA89242 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions, and perform cross-site scripting attacks. Below is a complete list of...
KLA89244 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions, and perform cross-site scripting attacks. Below is a complete list of...
EUVD-2015-6645
Malware in sbrugna...
EUVD-2015-3148
Malware in sbrugna...
EUVD-2015-6659
Malware in sbrugna...
EUVD-2015-6652
Malware in sbrugna...
EUVD-2015-6657
Malware in sbrugna...
EUVD-2015-3146
Malware in sbrugna...
EUVD-2006-4558
Malware in sbrugna...
firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended...
SUSE CVE-2006-4570
Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message...
SUSE CVE-2012-3986
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions v...
CVE-2022-2105
Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters...
CVE-2022-1667
Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC e.g., from the browser console or by loading the corresponding, browser accessible PHP script...
CVE-2021-43355 Fresenius Kabi Agilia Connect Infusion System use of client side authentication
Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypa...
Cross-site Scripting (XSS) - Stored in convos-chat/convos
Description I found a way to bypass the Stored XSS via uploading a file with format .svg when chatting in a private conversation. Since you have filtered the content of the svg file as below: state $RULES = svg = qr Steps to Reproduce 1. After login, go to any private conversation. 2. In the chat bar,...
Improper access control
An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. After disabling JavaScript, you can directly access the administrator console...
PHP Laravel 8.70.1 - Cross Site Scripting to Cross Site Request Forgery Vulnerability
Exploit Title: PHP Laravel 8.70.1 - Cross Site Scripting (XSS) to Cross Site Request Forgery (CSRF) Exploit Author: Hosein Vita Vendor Homepage: https://laravel.com/ Software Link: https://laravel.com/docs/4.2 Version: Laravel Framework 8.70.1 Tested on: Windows/Linux Description: We can bypass larav...
Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass
Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass Exploit Title: Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass Author: LiquidWorm Date: 2019-11-05 Vendor: Smartwares Product web page: https://www.smartwares.eu Affected version: =1.0.9 Advisory ID: ZSL-2019-5540...