CVE-2026-44245

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 2.5.2, Vue 3's v-html directive is the framework-documented mechanism for injecting raw HTML, and it intentionally disables the auto-escaping that interpolation provides. The PropertyCard.vue component uses...

CVE-2026-44245 Kyverno: [policy-reporter-ui] XSS via Stored Property Values in PropertyCard Component

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 2.5.2, Vue 3's v-html directive is the framework-documented mechanism for injecting raw HTML, and it intentionally disables the auto-escaping that interpolation provides. The PropertyCard.vue component uses...

GHSA-Q98M-7W8C-W388 Kyverno policy-reporter-ui has XSS via Stored Property Values in PropertyCard Component

Summary Vue 3's v-html directive is the framework-documented mechanism for injecting raw HTML, and it intentionally disables the auto-escaping that interpolation provides. The PropertyCard.vue component uses v-html for the else branch of the URL check, meaning any non-URL string value flows...

PT-2025-5353 · Unknown +1 · Kubewarden-Controller +1

Name of the Vulnerable Software and Affected Versions: kubewarden-controller versions prior to 1.21.0 Description: The issue concerns the validation of namespaced resources by AdmissionPolicy and AdmissionPolicyGroup policies in kubewarden-controller. An attacker can exploit this to prevent the...

CVE-2023-25728

The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

CVE-2023-25728

The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

ROS-20230315-01

Vulnerability in Mozilla Thunderbird email client related to notifications that are not displayed, when the browser is in full screen mode, allowing an attacker to trick the victim into visiting a malicious website and performing a spoofing attack. to visit a malicious website and perform a...

Amazon Linux 2 : thunderbird (ALAS-2023-1983)

The version of thunderbird installed on the remote host is prior to 102.8.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1983 advisory. 2024-02-15: CVE-2023-0616 was added to this advisory. If a MIME email combines OpenPGP and OpenPGP MIME data in a...

Important: thunderbird

Issue Overview: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted messa...

USN-5880-2: Firefox regressions

USN-5880-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler discovered that Firefox did not properly manage memory when using PKCS 12 Safe Bag attribute...

SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2023:0469-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0469-1 advisory. - An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag...

Rocky Linux 9 : firefox (RLSA-2023:0810)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0810 advisory. - Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory...

Rocky Linux 8 : thunderbird (RLSA-2023:0821)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0821 advisory. - Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory...

Rocky Linux 8 : firefox (RLSA-2023:0808)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0808 advisory. - Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2023:0461-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0461-1 advisory. - An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary...

Mozilla: Content security policy leak in violation reports using iframes

The Mozilla Foundation Security Advisory describes this flaw as: The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect...

Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5880-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5880-1 advisory. Christian Holler discovered that Firefox did not properly manage memory when using PKCS 12 Safe Bag attributes. An attacker could construct a...

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2023-047-01)

The version of mozilla-thunderbird installed on the remote host is prior to 102.8.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-047-01 advisory. - If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to...

Debian DSA-5350-1 : firefox-esr - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5350 advisory. - An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled...

Debian dla-3319 : firefox-esr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3319 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3319-1 [email protected]...