CVE-2019-10750

deeply is vulnerable to Prototype Pollution in versions before 3.1.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using using a proto payload...

CVE-2017-16881

b3log Symphony aka Sym 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java,...

Mozilla Thunderbird < 138.0.2

The version of Thunderbird installed on the remote Windows host is prior to 138.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-41 advisory. - An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index...

PT-2025-22569 · Unknown · Abup Cloud Update Platform

Name of the Vulnerable Software and Affected Versions: ABUP Cloud Update Platform affected versions not specified Description: The issue allows actors to perform privilege escalation by submitting a maliciously crafted JavaScript object notation JSON web token JWT to a vulnerable method exposed o...

Mozilla Thunderbird < 128.10.2

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 128.10.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-40 advisory. - An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing...

DEBIAN-CVE-2025-47947

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...

firefox: thunderbird: Out-of-bounds access when optimizing linear sums

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes...

CVE-2025-4919

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes...

firefox: thunderbird: Out-of-bounds access when optimizing linear sums

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes...

SUSE CVE-2025-4919

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2...

CVE-2025-4919

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2...

DEBIAN-CVE-2025-4919

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2...

UBUNTU-CVE-2025-4919

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2...

CVE-2025-4919 Out-of-bounds access when optimizing linear sums

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2...

CVE-2025-4919

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2...

CVE-2025-4919

CVE-2025-4919 describes an out-of-bounds read/write in JavaScript objects caused by confusing array index sizes, affecting Firefox including aliases (Firefox &lt; 138.0.4, ESR &lt; 128.10.1, ESR &lt; 115.23.1) and Thunderbird (Thunderbird &lt; 128.10.2; Thunderbird

CVE-2025-4921

...

CVE-2025-4921

Removed by vendor...

firefox -- out-of-bounds read/write

[email protected] reports: An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes...

Mozilla Firefox ESR < 128.10.1

The version of Firefox ESR installed on the remote Windows host is prior to 128.10.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-37 advisory. - An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index...