19 matches found
Astra Linux - vulnerability in Firefox
The sourceMapURL feature in devtools lacked security checks, which would have prevented a webpage from attempting to include local files or other files that should be inaccessible. This vulnerability affects Firefox versions earlier than 99...
MapUrlToZone Security Feature Bypass Vulnerability
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...
CVE-2025-68155
@vitejs/plugin-rsc provides React Server Components (RSC) support for Vite. Prior to version 0.5.8, the `/__vite_rsc_findSourceMapURL` endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by sendi...
CVE-2025-68155
The CVE concerns @vitejs/plugin-rsc (used with Vite) in development mode. Prior to version 0.5.8, the endpoint /__vite_rsc_findSourceMapURL accepts a file:// URL in the filename query parameter, converts it to a filesystem path, and reads the target file without validating its location, returning...
CVE-2025-68155 @vitejs/plugin-rsc has Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint on Development
@vitejs/plugin-rsc provides React Server Components (RSC) support for Vite. Prior to version 0.5.8, the `/__vite_rsc_findSourceMapURL` endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by sendi...
EUVD-2025-27297
Malicious code in bioql PyPI...
CVE-2025-54917
Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...
CVE-2025-54917
CVE-2025-54917 is a network-exploitable issue in Windows MapUrlToZone that enables circumvention of a security mechanism. The CVSS v3.1 base score is 4.3 (NETWORK, LOW attack complexity, NONE privileges, UI required) with a LOW confidentiality impact. The Connected documents indicate this CVE map...
CVE-2025-54917 MapUrlToZone Security Feature Bypass Vulnerability
...
CVE-2025-54107
CVE-2025-54107 involves the Windows MapUrlToZone component with improper resolution of path equivalence, enabling circumvention of a security feature over a network. The entry lists CVSS 3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N (base 4.3, MEDIUM) and notes a network-exposed vector with no privileg...
KLA87444 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, bypass security restrictions, execute arbitrary code, cause denial of service, and obtain sensitive information. Below is a complete list of vulnerabilities: 1. An elevation...
CVE-2025-21247
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...
CVE-2025-21219
MapUrlToZone Security Feature Bypass Vulnerability...
CVE-2025-21189
MapUrlToZone Security Feature Bypass Vulnerability...
PT-2025-1088 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is related to a denial-of-service vulnerability in the MapUrlToZone method of the IInternetSecurityManager interface in Microsoft Windows operating systems. This vulnerability is...
CVE-2022-28283
The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox < 99...
UBUNTU-CVE-2022-28283
The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox < 99...
Mozilla Firefox Security Feature Issue Vulnerability
Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to a security feature issue that stems from a lack of security checks in the sourceMapURL feature of devtools. A remote attacker could use the vulnerability to trick a victim into performing...
iacworldwide.com XSS vulnerability
Open Bug Bounty ID: OBB-623992

Description | Value
---|---
Affected Website: | iacworldwide.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...