UBUNTU-CVE-2025-6425

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR...

CVE-2025-6425

CVE-2025-6425 concerns a WebCompat WebExtension issue in Firefox/Thunderbird where enumerating resources could obtain a persistent, browser-identifying UUID that remains across containers and normal/private browsing (not in profiles). Affected: Firefox < 140, Firefox ESR < 115.25, Firefox E...

CVE-2025-6425 The WebCompat WebExtension shipped with Firefox exposed a persistent UUID

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR...

Mozilla -- persistent UUID that identifies browser

[email protected] reports: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox 140, Firefox E...

Cross-Site Scripting (XSS)

ibexa/admin-ui is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of user-generated content, allowing attackers with Editor or Administrator privileges to inject persistent XSS payloads that can later execute in the front office...

📄 Glass Cage Zero-Click iMessage Exploit Details

Glass Cage, a vulnerability chain discovered on iOS 18.2, enables an attacker to compromise a device silently by sending a single malicious PNG image via iMessage. The exploit bypasses multiple layers of Apple's defenses, including BlastDoor, WebKit sandboxing, and CoreMedia memory protections...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Tracing: Do not allow mmap of persistent ring buffers. When attempting to mmap a trace instance buffer that is attached to reservemem, it would cause a crash: BUG: Unable to handle a page fault for address: ffffe97bd00025c8 PF:...

PT-2025-25497 · Ping Identity · Pingfederate

Name of the Vulnerable Software and Affected Versions: PingFederate affected versions not specified Description: The issue concerns PingFederate OAuth2 grant duplication in PostgreSQL persistent storage, allowing OAuth2 requests to use excessive memory utilization. Recommendations: At the moment,...

Ibexa RichText Field Type XSS vulnerabilities in back office

Impact This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor...

GHSA-5R6X-G6JV-4V87 Ibexa Admin UI XSS vulnerabilities in back office

Impact This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor...

Ibexa Admin UI assets XSS vulnerabilities in back office

Impact This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor...

Ibexa eZ Platform Admin UI XSS vulnerabilities in back office

Impact This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor...

PT-2025-26624 · Packagist · Ibexa/Admin-Ui

Impact This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor...

SUSE-SU-2025:20416-1 Security update for systemd

This update for systemd fixes the following issues: - coredump: use %d in kernel core pattern CVE-2025-4598 - Revert "macro: terminate the temporary VAARGSFOREACH array with a sentinel" SUSE specific - umount: do not move busy network mounts bsc1236177 - man/pstore.conf: pstore.conf template is n...

SUSE-SU-2025:20405-1 Security update for systemd

This update for systemd fixes the following issues: - coredump: use %d in kernel core pattern CVE-2025-4598 - Revert "macro: terminate the temporary VAARGSFOREACH array with a sentinel" SUSE specific - umount: do not move busy network mounts bsc1236177 - man/pstore.conf: pstore.conf template is n...

Malicious code in @loybung/inject (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a2360caebc7c178c732c57b8da900d7e303a05b8a498693b6f6449abad8fbb19 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in pipreqs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94775693df8241bc82973cceb421a0a3263d044d7a810c724173c0b4ada361bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in node-loggers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4d3ceb026e94d925a50747700634d96a0e709e7c3882dac41638f6578a9e7228 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine

Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukraine, using a previously unknown wiper we are calling "PathWiper". The attack was instrumented via a legitimate endpoint administration framework, indicating that the attackers likely had access to the...

CVE-2024-3509

A stored cross-site scripting XSS vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor must have a valid user account with administrative...