
142 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in firefox, thunderbird

Using techniques based on slipstream research, a malicious webpage could scan both the hosts of an internal network and the services running on the user’s local machine, using WebRTC connections. This vulnerability affects Firefox ESR 78.9, Firefox 87, and Thunderbird 78.9...

6.5 CVSS | 6.9 AI score | 0.00163 EPSS
Exploits: 0 | References: 1
AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux - vulnerability in firefox, thunderbird

Additional techniques that built upon the slipstream research, combined with a malicious web page, could have exposed both hosts within an internal network as well as services running on the user’s local machine. This vulnerability affects Firefox versions earlier than 85...

7.4 CVSS | 7.4 AI score | 0.00501 EPSS
Exploits: 0 | References: 2
CVE
added 2026/04/17 4:2 p.m. | 9 views

CVE-2026-40516

Technical details about CVE-2026-40516 are not publicly available in the provided Connected documents; the description exists but without explicit vendor/product/versions in this set. Monitor for updates.

8.3 CVSS | 5.8 AI score | 0.00034 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
CNNVD
added 2026/04/14 12:0 a.m. | 2 views

Fortinet FortiSOAR PaaS and Fortinet FortiSOAR on-premise code issue vulnerability

Fortinet FortiSOAR PaaS and Fortinet FortiSOAR on-premise are security orchestration, automation, and response software developed by Fortinet, a US-based company. Both versions of Fortinet FortiSOAR PaaS and FortiSOAR on-premise have code vulnerabilities that stem from server-side request forgery...

4.3 CVSS | 5.9 AI score | 0.00035 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/27 2:23 p.m. | 4 views

CVE-2021-27999

A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the database...

4.9 CVSS | 7.9 AI score | 0.00194 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/25 4:58 p.m. | 4 views

CVE-2026-27850

Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are normally only accessible through the local network. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200...

7.5 CVSS | 5.4 AI score | 0.00046 EPSS
Exploits: 0 | References: 2 | Affected Software: 2
RedhatCVE
added 2026/02/06 1:26 a.m. | 9 views

CVE-2025-68723

Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface. Three instances exist: (1) the log file name parameter in the Local Services Log page, (2) certificate file content in the SSL Certificates View Usage feature, and (3) the...

9 CVSS | 5.4 AI score | 0.00012 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/05 12:0 a.m. | 2 views

CVE-2025-68723

Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface. Three instances exist: (1) the log file name parameter in the Local Services Log page, (2) certificate file content in the SSL Certificates View Usage feature, and (3) the...

5.5 AI score | 0.00012 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/02/05 12:0 a.m. | 3 views

EUVD-2025-206861

Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface. Three instances exist: (1) the log file name parameter in the Local Services Log page, (2) certificate file content in the SSL Certificates View Usage feature, and (3) the...

5.5 AI score | 0.00012 EPSS
Exploits: 0 | References: 2
Snyk
added 2026/01/28 3:49 p.m. | 4 views

Server-side Request Forgery (SSRF)

Overview: agentos-taskweaver is a code-first agent framework for seamlessly planning and executing data analytics tasks. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the network configuration process. An attacker can access local services running on th...

6.5 CVSS | 5.9 AI score
Exploits: 0 | References: 2
OSV
added 2026/01/26 2:48 p.m. | 3 views

BIT-NODE-2026-21636

A flaw in Node.js's permission model allows Unix Domain Socket (UDS) connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs (such as URLs or socketPath options) can connect to arbitrary local sockets via net, tls, or undici/fetch...

10 CVSS | 6 AI score | 0.00023 EPSS
Exploits: 1 | References: 2
NVD
added 2026/01/20 9:16 p.m. | 5 views

CVE-2026-21636

A flaw in Node.js's permission model allows Unix Domain Socket (UDS) connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs (such as URLs or socketPath options) can connect to arbitrary local sockets via net, tls, or undici/fetch...

10 CVSS | 0.00023 EPSS
Exploits: 1 | References: 1
OSV
added 2026/01/20 9:16 p.m. | 2 views

CVE-2026-21636

A flaw in Node.js's permission model allows Unix Domain Socket (UDS) connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs (such as URLs or socketPath options) can connect to arbitrary local sockets via net, tls, or undici/fetch...

10 CVSS | 6 AI score
Exploits: 0 | References: 1
Vulnrichment
added 2026/01/20 8:41 p.m. | 2 views

CVE-2026-21636

A flaw in Node.js's permission model allows Unix Domain Socket (UDS) connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs (such as URLs or socketPath options) can connect to arbitrary local sockets via net, tls, or undici/fetch...

5.8 CVSS | 5.8 AI score | 0.00023 EPSS
Exploits: 1 | References: 1
Cvelist
added 2026/01/20 8:41 p.m. | 12 views

CVE-2026-21636

A flaw in Node.js's permission model allows Unix Domain Socket (UDS) connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs (such as URLs or socketPath options) can connect to arbitrary local sockets via net, tls, or undici/fetch...

5.8 CVSS | 0.00023 EPSS
Exploits: 1 | References: 1
ATTACKERKB
added 2026/01/20 8:41 p.m. | 4 views

CVE-2026-21636

A flaw in Node.js's permission model allows Unix Domain Socket (UDS) connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs (such as URLs or socketPath options) can connect to arbitrary local sockets via net, tls, or undici/fetch...

10 CVSS | 5.7 AI score | 0.00023 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 8 : gupnp-1.0.6-2.el8 (AXSA:2021-2196:02)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2196:02 advisory. gupnp: allows DNS rebinding which could result in tricking browser into triggering actions against local UPnP services (CVE-2021-33516). Tenable has extracted t...

8.1 CVSS | 5.6 AI score | 0.00241 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-2139

Malware in sbrugna...

9.8 CVSS | 9.3 AI score | 0.00396 EPSS
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-2707

Malware in sbrugna...

8.3 CVSS | 8.3 AI score | 0.00584 EPSS
Exploits: 1 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-10882

Malware in sbrugna...

7.4 CVSS | 8.6 AI score | 0.00501 EPSS
Exploits: 0 | References: 22