1751 matches found
RosarioSIS 6.7.2 - Cross-Site Scripting
RosarioSIS version 6.7.2 and earlier contains a reflected cross-site scripting XSS vulnerability in the Preferences module. The 'tab' parameter in Modules.php is not properly sanitized, allowing an attacker to inject arbitrary JavaScript code via a crafted URL. id: CVE-2020-15718 info: name:...
CVE-2026-41663
Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module database backup, test email, htaccess generation fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GE...
DEBIAN-CVE-2026-50591
In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences...
CVE-2026-50591
In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences...
CVE-2026-50591
Znuny LTS is affected by CVE-2026-50591: stored XSS via user preferences in versions prior to 6.5.21 and prior to 7.3.3. The CVSS vector indicates a LOW privileges requirement with user interaction and network attack vector, leading to a Confidentiality/Integrity impact in practice, with Availabi...
CVE-2026-50591
In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences...
CVE-2026-50591
In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences...
CVE-2026-50591
In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences...
EUVD-2026-34782
In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences...
PT-2026-46898
IN Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences...
Oracle Linux 8 : firefox (ELSA-2026-21382)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-21382 advisory. 140.11.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079789 - diable wasisdk to prevent build failure with newer llvm 140.11.0 -...
thunderbird security update
140.10.1-1.0.1 - Fix prefs for new nss Orabug: 37079820 - Add Oracle prefs file 140.10.1 - Add OpenELA debranding 140.10.1-1 - Update to 140.10.1 ESR...
rgui-3.4.4-seh-bof-exploit
Exploração de Buffer Overflow SEH Overwrite no RGui 3.4.4...
CVE-2026-28988
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5, watchOS 26.5. An app may be able to bypass certain Privacy preferences...
CVE-2026-28988
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5, watchOS 26.5. An app may be able to bypass certain Privacy preferences...
CVE-2026-28988
CVE-2026-28988 describes a permissions issue where an app may bypass certain Privacy preferences. The vulnerability is addressed in Apple security updates: iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5, and watchOS 26.5. The connected advisories (NCSC-2026-0138/0139 and Apple security no...
CVE-2026-28988
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5, watchOS 26.5. An app may be able to bypass certain Privacy preferences...
CVE-2026-28988
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5, watchOS 26.5. An app may be able to bypass certain Privacy preferences...
thunderbird security update
140.10.0-1.0.1 - Fix prefs for new nss Orabug: 37079813 - Add Oracle prefs 140.10.0 - Add OpenELA debranding 140.10.0-1 - Update to 140.10.0 ESR...
CVE-2026-41663
Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module database backup, test email, htaccess generation fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GE...