CLSA-2026-1773768935 Fix CVE(s): CVE-2026-25968, CVE-2026-25986, CVE-2026-25987
SECURITY UPDATE: stack buffer overflow in MSL opacity attribute parser - debian/patches/CVE-2026-25968.patch: replace fixed-size stack buffer with heap-allocated string and add length check - CVE-2026-25968 SECURITY UPDATE: heap buffer overflow write in YUV 4:2:2 image processing -...
CVE-2025-63334
PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution vulnerability in the submitopacity.php component. The application fails to sanitize user input in the opacityValue POST parameter before passing it to a shell command, allowing remote attackers to execu...
CVE-2025-63334
PocketVJ CP pvj version 3.9.1 is affected by an unauthenticated remote code execution in submit_opacity.php. The vulnerability is caused by failure to sanitize the opacityValue POST parameter, which is passed to a shell command, enabling remote attackers to execute arbitrary commands with root pr...
PT-2025-45161
Name of the Vulnerable Software and Affected Versions: PocketVJ CP versions 3.9.1 Description: The application does not properly sanitize user input in the opacityValue POST parameter before it is used in a shell command. This allows remote attackers to execute arbitrary commands with root privileg...
EUVD-2025-37920
PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution vulnerability in the submitopacity.php component. The application fails to sanitize user input in the opacityValue POST parameter before passing it to a shell command, allowing remote attackers to execu...
Cross-fading any two DOM elements is currently impossible
Update: A spec change has landed to make this possible, it'll ship in Chrome 100, it's been implemented in Firefox, and it already existed as a non-standard feature in Safari. Soon this feature will be supported across all major browsers! Ok, it isn't always impossible. Be amazed as I cross-fade...
CVE-2019-14792
The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectanglename or rectangleopacity parameter...
PT-2019-13837 · WordPress · Wp Google Maps
Name of the Vulnerable Software and Affected Versions: WP Google Maps plugin versions prior to 7.11.35 Description: The issue allows for XSS attacks via the "wp-admin/" endpoint, specifically through the rectangle name or rectangle opacity parameters. Recommendations: For versions prior to 7.11.3...
Foxit Reader Annotations opacity Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Annotation object's...
CVE-2016-0895
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity...
Code injection
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity...
CVE-2013-2866
CVE-2013-2866 affects Google Chrome and Chrome OS where the Flash plugin's handling of an embedded Flash element’s opacity allowed a clickjacking technique to trick users into granting camera or microphone access. Root cause: improper determination of user consent for Flash-permission requests, e...
Mozilla Firefox 1.0.4 - 'Set As Wallpaper' Code Execution
// Exploit by Michael Krax Firewalling - Proof-of-Concept function stopload // in some cases the javascript url never stops to load // therefore we force a stop after the real image got loaded window.setTimeout"window.stop",1000; Firewalling - Proof-of-Concept The "Set As Wallpaper" dialog takes...
FreeBSD : mozilla -- arbitrary code execution vulnerability (cbfde1cd-87eb-11d9-aa18-0001020eed82)
A Mozilla Foundation Security Advisory reports: Plugins such as flash can be used to load privileged content into a frame. Once loaded various spoofs can be applied to get the user to interact with the privileged content. Michael Krax's 'Fireflashing' example demonstrates that an attacker can op...