7704 matches found

RedHat Linux
added 2025/06/16 5:31 a.m. | 2 views

firefox: thunderbird: Script element events leaked cross-origin resource status

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Script elements loading cross-origin resources generate load and error events which can leak information enabling XS-Leaks attacks...

CVSS 4.3 | AI score 7.3 | EPSS 0.00434
Exploits: 0 | References: 6

RedHat Linux
added 2025/06/16 5:28 a.m. | 4 views

firefox: thunderbird: Script element events leaked cross-origin resource status

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Script elements loading cross-origin resources generate load and error events which can leak information enabling XS-Leaks attacks...

CVSS 4.3 | AI score 7.3 | EPSS 0.00434
Exploits: 0 | References: 6

RedhatCVE
added 2025/06/14 10:13 p.m. | 4 views

CVE-2025-41233

Description: VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range https://www.broadcom.com/support/vmware-services/security-response with a maximum CVSSv3 base score of 6.8...

CVSS 6.8 | AI score 7.3 | EPSS 0.003
Exploits: 0 | References: 1

Chainguard
added 2025/06/14 1:15 p.m. | 12 views

GHSA-62JJ-GR2R-5C34 vulnerabilities

Vulnerabilities for packages: newrelic-k8s-metadata-injection, kubernetes-csi-external-snapshotter-fips, promxy, victoriametrics-operator-fips, terraform-provider-azapi, scorecard, kubevela-fips, kind, blobfuse2-fips, prometheus-pushgateway-fips, helm-fips, vendir-fips, opentofu-fips,...

AI score 5.2
Exploits: 0

CNNVD
added 2025/06/14 12:00 a.m. | 3 views

WordPress plugin Zagg - Electronics & Accessories WooCommerce WordPress Theme Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.1 | AI score 6 | EPSS 0.00626
Exploits: 0 | References: 3

OSV
added 2025/06/13 2:20 p.m. | 4 views

OESA-2025-1635 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox 139,...

CVSS 8.1 | AI score 7.5 | EPSS 0.00436
Exploits: 0 | References: 7

NVD
added 2025/06/12 10:15 p.m. | 10 views

CVE-2025-41233

Description: VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range https://www.broadcom.com/support/vmware-services/security-response with a maximum CVSSv3 base score of 6.8...

CVSS 6.8 | EPSS 0.003
Exploits: 0 | References: 1

Vulnrichment
added 2025/06/12 9:39 p.m. | 2 views

CVE-2025-41233

Description: VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range https://www.broadcom.com/support/vmware-services/security-response with a maximum CVSSv3 base score of 6.8...

CVSS 6.8 | AI score 8.6 | EPSS 0.003
Exploits: 0 | References: 1

CVE
added 2025/06/12 9:39 p.m. | 48 views

CVE-2025-41233

CVE-2025-41233 affects VMware Avi Load Balancer. An authenticated attacker can trigger blind SQL injection in versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2 due to improper input validation, enabling unauthorized DB access. Impact described as moderate (CVSSv3 base score up to 6.8). Remediation requ...

CVSS 6.8 | AI score 7.2 | EPSS 0.003
Exploits: 0 | References: 1

Cvelist
added 2025/06/12 9:39 p.m. | 19 views

CVE-2025-41233

Description: VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range https://www.broadcom.com/support/vmware-services/security-response with a maximum CVSSv3 base score of 6.8...

CVSS 6.8 | EPSS 0.003
Exploits: 0 | References: 1

CNNVD
added 2025/06/12 12:00 a.m. | 1 view

VMware AVI Load Balancer Security Vulnerability

VMware Avi Load Balancer is a load balancing platform from VMware. VMware Avi Load Balancer suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL...

CVSS 6.8 | AI score 8 | EPSS 0.003
Exploits: 0 | References: 2

RedHat Linux
added 2025/06/11 8:10 a.m. | 1 view

dotnet: .NET Remote Code Vulnerability

A remote code execution vulnerability in .NET 8.0 and 9.0. An attacker who can place malicious files in specific locations may trigger unintended code execution when the .NET runtime loads these files...

CVSS 7.5 | AI score 6.5 | EPSS 0.00206
Exploits: 0 | References: 5

OSV
added 2025/06/11 12:12 a.m. | 5 views

OSV-2025-454 Use-of-uninitialized-value in _cups_strcasecmp

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=423573723 Crash type: Use-of-uninitialized-value Crash state: _cups_strcasecmp ppd_load_constraints ppdConflicts...

AI score 7
Exploits: 0 | References: 1

CNNVD
added 2025/06/11 12:00 a.m. | 3 views

ClipShare Code Issue Vulnerability

ClipShare is a cross-device shared clipboard by Thevindu Wijesekera Individual Developer. A code issue vulnerability exists in ClipShare versions prior to 3.8.5, which stems from a DLL being loaded in the wrong order, and may result in local elevation of privilege...

CVSS 7.3 | AI score 6.5 | EPSS 0.00054
Exploits: 0 | References: 2

RedHat Linux
added 2025/06/10 4:52 p.m. | 1 view

firefox: thunderbird: Script element events leaked cross-origin resource status

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Script elements loading cross-origin resources generate load and error events which can leak information enabling XS-Leaks attacks...

CVSS 4.3 | AI score 7.3 | EPSS 0.00434
Exploits: 0 | References: 6

Positive Technologies
added 2025/06/10 12:00 a.m. | 3 views

PT-2025-24675 · Siemens · Scalance Xcm328 +20

Name of the Vulnerable Software and Affected Versions: RUGGEDCOM RST2428P versions prior to V3.2 SCALANCE XC316-8 versions prior to V3.2 SCALANCE XC324-4 versions prior to V3.2 SCALANCE XC324-4 EEC versions prior to V3.2 SCALANCE XC332 versions prior to V3.2 SCALANCE XC416-8 versions prior to V3....

CVSS 7.1 | AI score 6.2 | EPSS 0.00078
Exploits: 0 | References: 3

RedHat Linux
added 2025/06/09 2:20 a.m. | 3 views

firefox: thunderbird: Script element events leaked cross-origin resource status

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Script elements loading cross-origin resources generate load and error events which can leak information enabling XS-Leaks attacks...

CVSS 4.3 | AI score 7.3 | EPSS 0.00434
Exploits: 0 | References: 6

RedhatCVE
added 2025/06/08 7:19 a.m. | 12 views

CVE-2025-5586

The WordPress Ajax Load More and Infinite Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

CVSS 6.4 | AI score 5.7 | EPSS 0.00163
Exploits: 0 | References: 1

Vulnrichment
added 2025/06/06 6:42 a.m. | 3 views

CVE-2025-5586 WordPress Ajax Load More and Infinite Scroll <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The WordPress Ajax Load More and Infinite Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

CVSS 6.4 | AI score 5.9 | EPSS 0.00163
Exploits: 0 | References: 3

SUSE CVE
added 2025/06/06 2:25 a.m. | 3 views

SUSE CVE-2025-5643

A vulnerability classified as problematic was found in Radare2 5.9.9. Affected by this vulnerability is the function cons_stack_load in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The...

CVSS 2.5 | AI score 2.8 | EPSS 0.0016
Exploits: 1 | References: 3