
19 matches found

OpenVAS
added 2025/07/24 12:0 a.m. | 3 views

Mozilla Thunderbird Security Update (mfsa_2025-61) - Mac OS X

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

CVSS 9.8 | AI score 7.1 | EPSS 0.00781
Exploits: 0 | References: 1

Patchstack
added 2025/07/01 12:0 a.m. | 6 views

WordPress Houzez Theme <= 4.0.4 is vulnerable to Local File Inclusion

Software Houzez Type Theme Vulnerable versions = 4.0.4 Fixed in 4.0.8 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-53198 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID d9a95839ea4d Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...

AI score 6.8 | EPSS 0.00158
Exploits: 0 | References: 1 | Affected Software: 1

QT
added 2025/04/07 12:0 a.m. | 6 views

Security advisory: A Denial-of-Service type of security issue in Qt XML module impacts Qt

A Denial-of-Service type of security issue in QDom classes of Qt XML module has been discovered and has been assigned the CVE id CVE-2025-30348. Affected versions: Up to 5.15.18, 6.0.0 to 6.5.8, and 6.6.0 to 6.7.3. Impact: When QDom classes are used to write XML with long text segments,...

CVSS 5.8 | AI score 7.1 | EPSS 0.00042
Exploits: 0

Patchstack
added 2024/09/12 12:0 a.m. | 14 views

WordPress Spiffy Calendar Plugin <= 4.9.13 is vulnerable to Cross Site Scripting (XSS)

Software Spiffy Calendar Type Plugin Vulnerable versions = 4.9.13 Fixed in 4.9.14 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-45458 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6044522ff419 Credits LVT-tholv2k Required privilege...

CVSS 7.1 | AI score 6.6 | EPSS 0.0034
Exploits: 0 | References: 2 | Affected Software: 1

Code423n4
added 2023/11/17 12:0 a.m. | 12 views

Lost fees

Lines of code Vulnerability details Impact Buyers do not get any split of the fees. It is instead to be distributed to holders. But holder splits on successive buys are partially lost to the contract and cannot be recovered. Proof of concept The buyer's rewardsLastClaimedValueidmsg.sender is...

AI score 6.9
Exploits: 0

Patchstack
added 2023/10/24 12:0 a.m. | 10 views

WordPress Mediabay Plugin <= 1.6 is vulnerable to Broken Access Control

Software Mediabay Type Plugin Vulnerable versions = 1.6 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-46612 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 01f288807115 Credits emad Required privilege Subscriber...

AI score 6.5 | EPSS 0.00134
Exploits: 0 | References: 1 | Affected Software: 1

Code423n4
added 2023/07/10 12:0 a.m. | 6 views

Well.sol contract allows anyone to add liquidity to tokens with fee-on-transfer by calling the addLiquidity function

Lines of code Vulnerability details Impact A malicious user can call the wrong function for adding liquidity for a pair with fee-on-transfer tokens. The reserves information maintained within the contract suffers from an inconsistency which can result in various miscalculations for liquidity...

AI score 6.6
Exploits: 0

Code423n4
added 2022/06/18 12:0 a.m. | 10 views

Loss of yield can occur due to not specifying minAmountsOut when exiting BAL/ETH pool

Lines of code Vulnerability details Impact When exiting the BAL/ETH pool, due to not specifying anything for minAmountsOut an attacker can frontrun the transaction and cause a large change in price in the pool. This in turn leads to a large impermanent loss which is realised when the strategy bur...

AI score 6.7
Exploits: 0

Imperva Blog
added 2022/06/02 12:34 p.m. | 13 views

Enhance Network Resiliency with Contingency DDoS Protection

Recent digital market outages have proven the fragility of network infrastructure. When your primary service provider experiences an unexpected outage, your infrastructure is left unprotected and vulnerable to a DDoS attack. The downtime you face waiting for your DDoS mitigation to start working...

AI score 0.4
Exploits: 0

Code423n4
added 2022/05/15 12:0 a.m. | 9 views

User does not get funds if sending ETH in LidoVault.sol fails, funds stay stuck in the contract

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. If the user uses smart contract to interact with the protocol with no receive/ payable fallback function, sending of ETH to the user will fail and the ETH would stay in the contract and withdraw action...

AI score 7.1
Exploits: 0

Code423n4
added 2022/05/14 12:0 a.m. | 10 views

Fee can possibly be set maliciously

Lines of code Vulnerability details Fee is set by an admin and can be set maliciously to steal the funds that are entitled to go to the user. Impact Fee can be set to a maliciously high value to unfairly extract funds from protocol users. An owner can buy options, set fee to 100% and exercise...

AI score 6.7
Exploits: 0

Imperva Blog
added 2021/11/22 3:20 p.m. | 19 views

Holiday “to-do list” for cybersecurity professionals working in eCommerce

The period from mid-November to the end of the year is always particularly stressful for cybersecurity professionals in the eCommerce space. It seems like every hacker and cyber criminal on earth is trying even harder to steal customers’ data or stop digital business operations. And the reason it...

AI score 7
Exploits: 0

Imperva Blog
added 2021/06/29 4:28 p.m. | 32 views

Do CAPTCHAs work and what’s the alternative?

We know you're busy, so the answer is “No”. Users want less friction, and a good bot detection and mitigation solution will do the job MUCH better. The first lesson on the first day of UI school is that users want the path of least resistance. While the gamification of cybersecurity does have a...

AI score 0.3
Exploits: 0

0day.today
added 2020/05/29 12:0 a.m. | 68 views

Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass Vulnerability

Exploit for multiple platform in category web applications Exploit Title : Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass Exploit Author : Halis Duraki @0xduraki Product : http-protection Crystal Shard Product URI : https://github.com/rogeriozambon/http-protection Version :...

AI score 7.1
Exploits: 0

securityvulns
added 2013/04/01 12:0 a.m. | 82 views

[security bulletin] HPSBST02848 SSRT101112 rev.1 - HP XP P9000 Command View Advanced Edition Suite Products, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03691745 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03691745 Version: 1 HPSBST02848...

CVSS 4.3 | EPSS 0.33846
Exploits: 4

Packet Storm
added 2010/04/23 12:0 a.m. | 14 views

Apache ActiveMQ Source Code Disclosure

Apache ActiveMQ Source Code Disclosure Vulnerability SecPod Technologies www.secpod.com Author Veerendra G.G SecPod ID: 1002 04/18/2010 Issue Discovered 04/20/2010 Vendor Notified 04/21/2010 Fix Available Class: Source code disclosure Severity: Medium Overview: --------- Apache ActiveMQ is prone ...

AI score 7.4
Exploits: 0

Packet Storm
added 2009/12/18 12:0 a.m. | 37 views

PHP-Calendar 1.1 Remote/Local File Inclusion

============================================= INTERNET SECURITY AUDITORS ALERT 2009-011 - Original release date: October 13th, 2009 - Last revised: December 18th, 2009 - Discovered by: Juan Galiana Lara - CVE ID: CVE-2009-3702 - Severity: 8.5/10 CVSS Base Score...

CVSS 7.5 | AI score 6.6 | EPSS 0.00739
Exploits: 2

OpenVAS
added 2005/11/03 12:0 a.m. | 19 views

directory.php

The SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.11017";...

CVSS 10 | AI score 6.8 | EPSS 0.0273
Exploits: 0 | References: 1

CERT
added 2004/04/14 12:0 a.m. | 21 views

Sun Solaris SSH Daemon fails to properly log client IP addresses

Overview The Sun Solaris Secure Shell Daemon sshd may incorrectly log client IP addresses. Description SSH is a program used to provide secure connection and communications between client and servers. Upon connecting to the service, the client's IP address is logged. There is a vulnerability in t...

AI score 6.9
Exploits: 0 | References: 3