11 matches found
CVE-2025-54561
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert versions 6.1.0.11 to 6.1.1.2, which allows remote access to content despite lack of the correct permission through a Broken Authorization Schema...
EUVD-2024-48007
Malicious code in bioql PyPI...
CVE-2025-3932 Tracking Links in Attachments Bypassed Remote Content Blocking
It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web...
Security Vulnerabilities fixed in Thunderbird 128.10.1 — Mozilla
Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an invalid value "Spoofed Name [email protected] [email protected]", Thunderbird treats [email protected] as the...
Apache Sling Injection Vulnerability
Apache Sling is an open-source web framework for the Java platform from the Apache Software Foundation (United States), designed for building content-centric applications on a JSR-170 content repository such as Apache Jackrabbit. Apache Sling JCR Base versions prior to 3.1.12 JNDI injection vulnerabilit...
XML External Entity (XXE) Injection
Overview: com.puppycrawl.tools:checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658: checkstyle was still vulnerable to...
GHSA-4W88-RJJ3-X7WP Chromium Remote Code Execution in electron
Affected versions of ElectronJS are susceptible to a remote code execution vulnerability that occurs when an affected application accesses remote content, even if the sandbox option is enabled. Recommendation: Update to electron version 1.7.8 or later...
CVE-2017-16151
Based on details posted by the ElectronJS team: a remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the sandbox option is enabl...
Multiple TIBCO Product Information Disclosure Vulnerabilities (CNVD-2018-10558)
TIBCO JasperReports Server and related products are made by TIBCO Software, a United States company. TIBCO JasperReports Server is a server-based report generation and editing tool; TIBCO JasperReports Server Community Edition is its community version. A security...
Remote Code Execution
Electron is vulnerable to remote code execution (RCE) attacks. These attacks affect all Electron apps which access remote content, including applications using the sandbox option...
Accessing remote/local content in IE (GM#009-IE)
GreyMagic Security Advisory GM009-IE ===================================== By GreyMagic Software, Israel. 23 Aug 2002. Available in HTML format at http://security.greymagic.com/adv/gm009-ie/. Topic: Accessing remote/local content in IE. Discovery date: 18 Feb 2002. Affected applications:...