419 matches found
CVE-2026-45131
CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow pull-request.yaml executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens...
Astra Linux - уязвимость в firefox, thunderbird
If an attacker were able to corrupt the methods of an Array object in JavaScript through prototype pollution, they could have executed JavaScript code under their control in a privileged context. This vulnerability affects Firefox ESR 91.9.1, Firefox 100.0.2, Firefox for Android 100.3.0, and...
EUVD-2016-2926
Malware in sbrugna...
EUVD-2014-4327
Malware in sbrugna...
EUVD-2016-2900
Malware in sbrugna...
EUVD-2025-27073
Malicious code in bioql PyPI...
EUVD-2025-26075
Malicious code in bioql PyPI...
CVE-2025-22441
In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a privileged context due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...
PT-2025-36339
Name of the Vulnerable Software and Affected Versions: Roo Code versions 3.26.6 and below Description: Roo Code is an AI-powered autonomous coding agent. A Github workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to achieve Remote Code Execution RCE on...
CVE-2025-22441
In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a privileged context due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...
CVE-2025-22441
In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a privileged context due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...
CVE-2025-22441
In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a privileged context due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...
CVE-2025-22441
CVE-2025-22441 concerns a Confused Deputy in Android RemoteViews loading path. The vulnerability arises when RemoteViews.mApplication can influence LoadedApk via getContextForResourcesEnsuringCorrectCachedApkPaths, leading to checkAndUpdateApkPaths potentially altering the LoadedApk state and Loa...
CVE-2025-51966
A cross-site scripting XSS vulnerability exists in the PDF preview functionality of uTools thru 7.1.1. When a user previews a specially crafted PDF file, embedded JavaScript code executes within the application's privileged context, potentially allowing attackers to steal sensitive data or perfor...
CVE-2025-51966
A cross-site scripting XSS vulnerability exists in the PDF preview functionality of uTools thru 7.1.1. When a user previews a specially crafted PDF file, embedded JavaScript code executes within the application's privileged context, potentially allowing attackers to steal sensitive data or perfor...
CVE-2025-51966
A cross-site scripting XSS vulnerability exists in the PDF preview functionality of uTools thru 7.1.1. When a user previews a specially crafted PDF file, embedded JavaScript code executes within the application's privileged context, potentially allowing attackers to steal sensitive data or perfor...
CVE-2025-51966
A cross-site scripting XSS vulnerability exists in the PDF preview functionality of uTools thru 7.1.1. When a user previews a specially crafted PDF file, embedded JavaScript code executes within the application's privileged context, potentially allowing attackers to steal sensitive data or perfor...
CVE-2025-51966
CVE-2025-51966 describes an XSS in uTools up to version 7.1.1, specifically in the PDF preview feature. The vulnerability arises when previews of specially crafted PDF files cause embedded JavaScript to execute within the application's privileged context, potentially enabling data theft or unauth...
PT-2025-35592
Name of the Vulnerable Software and Affected Versions: uTools versions through 7.1.1 Description: A cross-site scripting XSS issue exists in the PDF preview functionality. When a user previews a specially crafted PDF file, embedded JavaScript code executes within the application’s privileged...
CVE-2025-56236
FormCms v0.5.5 contains a stored XSS vulnerability in the avatar upload endpoint (/api/profile/avatar). An authenticated attacker can upload a malicious .html file that is publicly accessible; when a privileged user opens the URL, the script executes in their browser context. Several sources (Ver...