
5920 matches found

GitHub Security Blog
added 2025/03/05 6:31 p.m. | 16 views

REDAXO allows Arbitrary File Upload in the mediapool page

Summary: An arbitrary file upload vulnerability was identified in REDAXO. This flaw permits users to upload malicious files, which can lead to JavaScript code execution and the distribution of malware. Details: On the latest version of Redaxo, v5.18.2, the mediapool/media page is vulnerable to arbitrary...

CVSS 5.4 | AI score 7.8 | EPSS 0.00253
Exploits: 1 | References: 4 | Affected Software: 1
Veracode
added 2025/03/05 4:1 a.m. | 6 views

DOM-based Cross-site Scripting (XSS)

copyparty is vulnerable to DOM-based cross-site scripting. The vulnerability is due to improper handling of maliciously named files during drag-and-drop actions in the Web UI, allowing arbitrary JavaScript execution...

CVSS 6.1 | AI score 6.7 | EPSS 0.00297
Exploits: 1 | References: 5 | Affected Software: 1
Tenable Nessus
added 2025/03/05 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2024-47878

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET...

CVSS 8.1 | AI score 6.2 | EPSS 0.0011
Exploits: 1 | References: 2
Tenable Nessus
added 2025/03/05 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2021-32718

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's ban...

CVSS 5.4 | AI score 6 | EPSS 0.00117
Exploits: 1 | References: 2
Tenable Nessus
added 2025/03/05 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2021-41164

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affe...

CVSS 8.2 | AI score 6.6 | EPSS 0.00076
Exploits: 0 | References: 3
Tenable Nessus
added 2025/03/05 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-32719

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI vi...

CVSS 4.8 | AI score 5.7 | EPSS 0.0012
Exploits: 1 | References: 2
Tenable Nessus
added 2025/03/05 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2021-43331

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. CVE-2021-43331 Note that Nessus...

CVSS 6.1 | AI score 6.7 | EPSS 0.00153
Exploits: 0 | References: 2
Tenable Nessus
added 2025/03/05 12:0 a.m. | 12 views

Linux Distros Unpatched Vulnerability : CVE-2024-32484

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to...

CVSS 8.2 | AI score 6.2 | EPSS 0.07183
Exploits: 1 | References: 3
Tenable Nessus
added 2025/03/05 12:0 a.m. | 14 views

Linux Distros Unpatched Vulnerability : CVE-2023-40577

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the...

CVSS 7.5 | AI score 7.4 | EPSS 0.03576
Exploits: 0 | References: 2
Tenable Nessus
added 2025/03/05 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2021-32808

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside t...

CVSS 7.6 | AI score 6.3 | EPSS 0.01368
Exploits: 0 | References: 2
RedhatCVE
added 2025/03/04 6:17 p.m. | 17 views

CVE-2025-1934

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it...

CVSS 6.5 | AI score 7.7 | EPSS 0.0034
Exploits: 0 | References: 6
NVD
added 2025/03/04 5:15 p.m. | 4 views

CVE-2025-26091

A Cross Site Scripting XSS vulnerability exists in TeamPasswordManager v12.162.284 and before that could allow a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'name' parameter when creating a new password in the "My...

CVSS 4.6 | EPSS 0.00187
Exploits: 1 | References: 1
NVD
added 2025/03/04 2:15 p.m. | 4 views

CVE-2025-1934

It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

CVSS 6.5 | EPSS 0.0034
Exploits: 0 | References: 6
OSV
added 2025/03/04 2:15 p.m. | 2 views

DEBIAN-CVE-2025-1934

It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

CVSS 6.5 | AI score 7.5 | EPSS 0.0034
Exploits: 0 | References: 1
OSV
added 2025/03/04 2:15 p.m. | 0 views

UBUNTU-CVE-2025-1934

It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

CVSS 6.5 | AI score 7 | EPSS 0.0034
Exploits: 0 | References: 11
Debian CVE
added 2025/03/04 1:31 p.m. | 4 views

CVE-2025-1934

It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

CVSS 6.5 | AI score 7.5 | EPSS 0.0034
Exploits: 0
CVE
added 2025/03/04 1:31 p.m. | 137 views

CVE-2025-1934

CVE-2025-1934 is a Firefox/Thunderbird memory-safety issue caused by interrupting the RegExp bailout, which could trigger garbage collection when not expected. Affected: Firefox before 136, Firefox ESR before 128.8, Thunderbird before 136, and Thunderbird before 128.8. Exploitation status is not ...

CVSS 6.5 | AI score 6.9 | EPSS 0.0034
Exploits: 0 | References: 6 | Affected Software: 2
Cvelist
added 2025/03/04 1:31 p.m. | 21 views

CVE-2025-1934 Unexpected GC during RegExp bailout processing

It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

EPSS 0.0034
Exploits: 0 | References: 5
Vulnrichment
added 2025/03/04 1:31 p.m. | 8 views

CVE-2025-1934 Unexpected GC during RegExp bailout processing

It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

AI score 6.9 | EPSS 0.0034
Exploits: 0 | References: 5
CVE
added 2025/03/04 12:0 a.m. | 49 views

CVE-2025-26091

CVE-2025-26091 is a Cross Site Scripting (XSS) flaw in TeamPasswordManager up to version 12.162.284 (and earlier). The issue arises when a malicious payload is placed in the name parameter during creation of a new password on the “My Passwords” page, allowing an attacker to execute arbitrary Java...

CVSS 4.6 | AI score 6.4 | EPSS 0.00187
Exploits: 1 | References: 1 | Affected Software: 1