340 matches found
Astra Linux - vulnerability in firefox, thunderbird
If an attacker were able to corrupt the methods of an Array object in JavaScript through prototype pollution, they could have executed JavaScript code under their control in a privileged context. This vulnerability affects Firefox ESR 91.9.1, Firefox 100.0.2, Firefox for Android 100.3.0, and...
EUVD-2016-2926
Malware in sbrugna...
EUVD-2014-4327
Malware in sbrugna...
EUVD-2016-2900
Malware in sbrugna...
EUVD-2025-26075
Malicious code in bioql PyPI...
EUVD-2025-27073
Malicious code in bioql PyPI...
CVE-2025-22441
In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a privileged context due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...
PT-2025-36339
Name of the Vulnerable Software and Affected Versions: Roo Code versions 3.26.6 and below Description: Roo Code is an AI-powered autonomous coding agent. A GitHub workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to achieve Remote Code Execution (RCE) on...
CVE-2025-22441
CVE-2025-22441 concerns a Confused Deputy in Android RemoteViews loading path. The vulnerability arises when RemoteViews.mApplication can influence LoadedApk via getContextForResourcesEnsuringCorrectCachedApkPaths, leading to checkAndUpdateApkPaths potentially altering the LoadedApk state and Loa...
CVE-2025-51966
A cross-site scripting (XSS) vulnerability exists in the PDF preview functionality of uTools thru 7.1.1. When a user previews a specially crafted PDF file, embedded JavaScript code executes within the application's privileged context, potentially allowing attackers to steal sensitive data or perfor...
PT-2025-35592
Name of the Vulnerable Software and Affected Versions: uTools versions through 7.1.1 Description: A cross-site scripting (XSS) issue exists in the PDF preview functionality. When a user previews a specially crafted PDF file, embedded JavaScript code executes within the application’s privileged...
CVE-2025-51966
CVE-2025-51966 describes an XSS in uTools up to version 7.1.1, specifically in the PDF preview feature. The vulnerability arises when previews of specially crafted PDF files cause embedded JavaScript to execute within the application's privileged context, potentially enabling data theft or unauth...
CVE-2025-56236
FormCms v0.5.5 contains a stored XSS vulnerability in the avatar upload endpoint (/api/profile/avatar). An authenticated attacker can upload a malicious .html file that is publicly accessible; when a privileged user opens the URL, the script executes in their browser context. Several sources (Ver...
CVE-2012-10032
Maxthon3 version 3.2.2 build 1000 and prior are vulnerable to cross context scripting (XCS) via the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers to execute arbitrary JavaScript in a privileged context. This flaw enables modification o...