44 matches found
Astra Linux - уязвимость в firefox, thunderbird
By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...
CVE-2026-41421
SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messages as raw HTML inside an Electron renderer. The notification route POST /api/notification/pushMsg accepts a user-controlled msg value, forwards it through the backend broadcast...
CVE-2026-41421 SiYuan Desktop Notification XSS Leads to Electron RCE
SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messages as raw HTML inside an Electron renderer. The notification route POST /api/notification/pushMsg accepts a user-controlled msg value, forwards it through the backend broadcast...
CVE-2026-24282
Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally...
EUVD-2026-10600
Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally...
EUVD-2026-10601
Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally...
CVE-2026-24282
Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally...
CVE-2026-24282
Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally...
CVE-2026-24282 Push message Routing Service Elevation of Privilege Vulnerability
...
CVE-2026-24282 Push message Routing Service Elevation of Privilege Vulnerability
...
CVE-2026-24282
CVE-2026-24282 is a Microsoft-related local-elevation vulnerability labeled as a Push message Routing Service issue. The CVSS 3.1 base score is 5.5 (MEDIUM) with Confidentiality impact High, and Exploit Code Maturity is UNPROVEN. The attack vector is Local and requires Low privileges with no user...
Push message Routing Service Elevation of Privilege Vulnerability
Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally...
PT-2026-24278
Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally...
EUVD-2025-30892
Malicious code in bioql PyPI...
CVE-2025-10184
CVE-2025-10184 (OnePlus OxygenOS Telephony provider permission bypass) affects OnePlus OxygenOS on multiple devices, via three content providers: com.android.providers.telephony.PushMessageProvider, PushShopProvider and ServiceNumberProvider. Root cause: missing write permissions on these provide...
CVE-2022-39870
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSHMESSAGERECEIVED broadcast...
firefox: DOM push subscription message could hang Firefox
The Mozilla Foundation's Security Advisory: By sending a specially crafted push message, a remote server could hang the parent process, causing the browser to become unresponsive...
firefox: DOM push subscription message could hang Firefox
The Mozilla Foundation's Security Advisory: By sending a specially crafted push message, a remote server could hang the parent process, causing the browser to become unresponsive...
firefox: DOM push subscription message could hang Firefox
The Mozilla Foundation's Security Advisory: By sending a specially crafted push message, a remote server could hang the parent process, causing the browser to become unresponsive...
firefox: DOM push subscription message could hang Firefox
The Mozilla Foundation's Security Advisory: By sending a specially crafted push message, a remote server could hang the parent process, causing the browser to become unresponsive...