12003 matches found
firefox: thunderbird: Privilege escalation in the DOM: Workers component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the DOM: Workers component...
firefox: Mitigation bypass in the DOM: Security component
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...
firefox: thunderbird: Privilege escalation in the DOM: Workers component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the DOM: Workers component...
firefox: Mitigation bypass in the DOM: Security component
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...
MINI-VG98-2MRX-M84W
Bulletin has no description...
MINI-GX55-55JC-H6FG
Bulletin has no description...
MINI-M547-3C76-4V5G
Bulletin has no description...
EUVD-2026-32276
Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version...
MINI-H348-PFV3-VPJV
Bulletin has no description...
CVE-2026-46014
CVE-2026-46014 is a Linux kernel vulnerability affecting KVM/SVM where save/restore of LBR and DEBUGCTL MSRs was incomplete. The issue arose because MSR_IA32_DEBUGCTLMSR and LBR MSRs were not included in the msrs_to_save_base list and could not be set/restored properly, breaking save/restore acro...
CVE-2026-46014
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Add missing save/restore handling of LBR MSRs MSRIA32DEBUGCTLMSR and LBR MSRs are currently not enumerated by KVMGETMSRINDEXLIST, and LBR MSRs cannot be set with KVMSETMSRS. So save/restore is completely broken. Fix it ...
Defending at Machine-Speed: Building AI Threat Readiness with Wiz
How Wiz helps organizations adopt an AI Operating Model for AI Threat Readiness...
CVE-2026-40836
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a...
CVE-2026-48968 WordPress Master Slider plugin <= 3.10.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Averta Master Slider allows DOM-Based XSS. This issue affects Master Slider: from n/a through 3.10.8...
CVE-2026-48968
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Averta Master Slider allows DOM-Based XSS. This issue affects Master Slider: from n/a through 3.10.8...
CVE-2026-48968
The CVE-2026-48968 entry describes a DOM-based XSS vulnerability in the WordPress plugin Master Slider, affecting versions up to 3.10.8. The issue is caused by improper neutralization of input during web page generation. Impact is described as cross-site scripting with low to moderate implication...
CVE-2026-40836
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a...
EUVD-2026-32135
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a...
CVE-2026-40836 Authenticated SQLi in inmessage model
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a...
CVE-2026-40836 Authenticated SQLi in inmessage model
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a...