CVE-2026-44458 Hono: CSS Declaration Injection via Style Object Values in JSX SSR

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS declarations into t...

Mapserver SQL注入漏洞

Mapserver is the Open Source Geospatial Osgeo Foundation's suite of open source platforms for publishing spatial data and interactive map applications to the Web. A SQL injection vulnerability exists in Mapserver versions prior to 8.4.1, which stems from a Boolean SQL injection in the XML Filter...

CVE-2025-1196

A vulnerability, which was classified as problematic, was found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /search.php. The manipulation of the argument PropertyName leads to cross site scripting. It is possible to launch the attack...

PT-2025-6841 · Unknown · Code-Projects Real Estate Property Management System

Name of the Vulnerable Software and Affected Versions: code-projects Real Estate Property Management System version 1.0 Description: A problematic vulnerability was found in the code-projects Real Estate Property Management System. The issue affects an unknown function of the file /search.php. Th...

AlmaLinux 8 : thunderbird (ALSA-2024:6684)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:6684 advisory. thunderbird: 115.15/128.2 mozilla: Type confusion when looking up a property name in a with block CVE-2024-8381 mozilla: Internal event interfaces were...

mozilla: Type confusion when looking up a property name in a "with" block

The Mozilla Foundation's Security Advisory: A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Red Hat Product Security has rated this update ...

RLSA-2024:6684 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: 115.15/128.2 mozilla: Type confusion when looking up a property name in a "with" block CVE-2024-8381 mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener...

CVE-2024-8381

The Mozilla Foundation's Security Advisory: A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment...

CVE-2024-8381

A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. This vulnerability affects Firefox 130, Firefox ESR 128.2, Firefox ESR 115.15, Thunderbird 128.2, and Thunderbird 115.15...

Mozilla Firefox < 130.0

The version of Firefox installed on the remote Windows host is prior to 130.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-39 advisory. - Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that...

Error: Unable to Create Deployment in StoreFront

When creating a new deployment in StoreFront, the deployment fails with the following error: "Unable to Create Deployment " This error is logged in Event Viewer: New Server Deployment Citrix.DeliveryServices.PowerShell.Command.Runner.Exceptions.PowerShellExecutionException: An error occured runni...

EulerOS 2.0 SP11 : perl (EulerOS-SA-2024-1126)

According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Perl before 5.38.2, Sparseunipropstring in regcomp.c can write to unallocated space because a property name associated with a \p... regular...

EulerOS 2.0 SP11 : perl (EulerOS-SA-2024-1110)

According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Perl before 5.38.2, Sparseunipropstring in regcomp.c can write to unallocated space because a property name associated with a \p... regular...

CVE-2023-47100

DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-47038. Reason: This record is a duplicate of CVE-2023-47038. Notes: All CVE users should reference CVE-2023-47038 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage...

CVE-2013-3931

Cross-site scripting XSS vulnerability in the Jomres comjomres component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to inject arbitrary web script or HTML via the propertyname parameter, related to editing property details...

Updated cyrus-imapd packages fix security vulnerability

Updated cyrus-imapd package fixes security vulnerability: It was discovered that cyrus-imapd had a buffer overflow in CalDAV request handling triggered by a long iCalendar property name CVE-2019-11356...

Heap overflow

Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fzappenddisplaynode located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs with a large BDC property name that overflows the allocated size of a display list node...

DEBIAN-CVE-2019-12614

An issue was discovered in dlparparseccproperty in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop-name, which might allow an attacker to cause a denial of service NULL pointer dereference and system crash...