GHSA-VXG2-HHGR-37FX Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages

An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts...

EUVD-2026-18583

An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts...

CVE-2026-35540

An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts...

PT-2025-50101

Name of the Vulnerable Software and Affected Versions Mercury MR816v2 version 4.8.7 Build 110427 Rel 36550n Description A buffer overflow occurs when the device accepts and stores excessively long hostnames from LAN hosts without proper length validation. The affected code performs unchecked copi...

EUVD-2020-16875

Malware in sbrugna...

EUVD-2024-41710

Malicious code in bioql PyPI...

CVE-2024-45206

A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources...

Exploit for OS Command Injection in Cacti

Command injection vulnerability in Cacti CVE-2023-39362 - Po...

CVE-2023-6660 NFS client data corruption and kernel memory disclosure

When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever...

Mageia: Security Advisory (MGASA-2021-0164)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-31344

A vulnerability has been identified in Capital Embedded AR Classic 431-422 All versions, Capital Embedded AR Classic R20-11 All versions V2303, PLUSCONTROL 1st Gen All versions, SIMOTICS CONNECT 400 All versions V0.5.0.0, SIMOTICS CONNECT 400 All versions V1.0.0.0. ICMP echo packets with fake IP...

NewStart CGSL MAIN 6.02 : firefox Multiple Vulnerabilities (NS-SA-2021-0131)

The remote NewStart CGSL host, running version MAIN 6.02, has firefox packages installed that are affected by multiple vulnerabilities: - Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as...

CVE-2020-24141

Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the fileremote parameter to download-add.php. It can help identify open ports, local network hosts and execute...

CVE-2020-24142

Server-side request forgery in the Video Downloader for TikTok aka downloader-tiktok plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hos...

Server side request forgery (ssrf)

Server-side request forgery in the Video Downloader for TikTok aka downloader-tiktok plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hos...

Server side request forgery (ssrf)

Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the fileremote parameter to download-add.php. It can help identify open ports, local network hosts and execute...

CVE-2020-24142

Server-side request forgery in the Video Downloader for TikTok aka downloader-tiktok plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hos...

SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2021:1307-1)

This update for MozillaFirefox fixes the following issues : Firefox was updated to 78.10.0 ESR bsc1184960 - CVE-2021-23994: Out of bound write due to lazy initialization - CVE-2021-23995: Use-after-free in Responsive Design Mode - CVE-2021-23998: Secure Lock icon could have been spoofed -...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

Mozilla: More internal network hosts could have been probed by a malicious webpage

Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox 85...