8281 matches found
CVE-2025-63226
The Sencore SMP100 SMP Media Platform firmware versions V4.2.160, V60.1.4, V60.1.29 are vulnerable to session hijacking due to improper session management on the /UserManagement.html endpoint. Attackers who are on the same network as the victim and have access to the target's logged-in session can...
PT-2025-47409
Name of the Vulnerable Software and Affected Versions: Itel DAB Gateway versions c041640a. Description: The Itel DAB Gateway is susceptible to an authentication bypass due to inadequate JWT (JSON Web Token) validation. An attacker can exploit this by reusing a valid JWT token acquired from one device ...
Mozilla Thunderbird < 60.4
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 60.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-31 advisory. - A potential vulnerability leading to an integer overflow can occur during buffer size calculations for...
Mozilla Firefox < 62.0
The version of Firefox installed on the remote Windows host is prior to 62.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-20 advisory. - A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that ...
Mozilla Firefox < 62.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 62.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-20 advisory. - A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript...
MGASA-2025-0300 Updated firefox packages fix security vulnerabilities
Race condition in the Graphics component (CVE-2025-13012). Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013). Use-after-free in the Audio/Video component (CVE-2025-13014). Spoofing issue in Firefox (CVE-2025-13015). Incorrect boundary conditions in the JavaScript:...
[SECURITY] [DLA 4372-1] thunderbird security update
Debian LTS Advisory DLA-4372-1 https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 16, 2025 https://wiki.debian.org/LTS -...
Debian dla-4372 : thunderbird - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4372 advisory. Debian LTS Advisory DLA-4372-1...
GHSA-9X5G-62GJ-WQF2 Directus has Improper Permission Handling on Deleted Fields
Summary Directus does not properly clean up field-level permissions when a field is deleted. If a new field with the same name is created later, the system automatically re-applies the old permissions, which can lead to unauthorized access. Details When a field is removed from a collection, its...
CVE-2025-64746
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.13.0, Directus does not properly clean up field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table remains intact. This...
CVE-2025-43515
The issue was addressed by refusing external connections by default. This issue is fixed in Compressor 4.11.1. An unauthenticated user on the same network as a Compressor server may be able to execute arbitrary code...
CVE-2025-63680
Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw (CWE-22) that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...
Mozilla Firefox and Firefox ESR Security Bypass Vulnerability (CNVD-2025-28719)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR due to a same-origin policy bypass in the DOM: Notifications component. An attacker can exploit this...
RHEL 10 : firefox (RHSA-2025:21120)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:21120 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
Mozilla Firefox and Firefox ESR Security Bypass Vulnerability (CNVD-2025-28715)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR due to a same-origin policy bypass in the DOM: Workers component. An attacker can exploit this...
CVE-2025-10495
A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code...
CVE-2025-12817
CVE-2025-12817 is addressed in multiple PostgreSQL security advisories. The issue is missing authorization in CREATE STATISTICS, allowing a table owner to cause denial of service for other CREATE STATISTICS users by creating in any schema; a subsequent CREATE STATISTICS using the same name can fa...