8305 matches found

CNNVD
added 2025/09/16 12:0 a.m. | 1 view

Mozilla Firefox and Mozilla Thunderbird security vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser. Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.0009
Exploits: 0 | References: 5

FreeBSD
added 2025/09/16 12:0 a.m. | 4 views

Firefox -- Same-origin policy bypass

https://bugzilla.mozilla.org/showbug.cgi?id=1970490 reports: Same-origin policy bypass in the Layout component...

CVSS: 6.5 | AI score: 7 | EPSS: 0.0009
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/16 12:0 a.m. | 3 views

PT-2025-38266

Name of the Vulnerable Software and Affected Versions: Suricata versions 7.0.11 and below; Suricata version 8.0.0. Description: Suricata, a network IDS, IPS and NSM engine, experiences a detection bypass when receiving crafted traffic containing multiple SYN packets with differing sequence numbers...

CVSS: 7.8 | AI score: 6.5 | EPSS: 0.00055
Exploits: 0 | References: 20

Kaspersky
added 2025/09/16 12:0 a.m. | 2 views

KLA88014 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, bypass security restrictions, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerability in...

CVSS: 8.8 | AI score: 8.1 | EPSS: 0.00151
Exploits: 0 | References: 3

Imperva Blog
added 2025/09/15 8:12 p.m. | 11 views

Google Pay, Drug Bots, and SIM Swaps: How Old Leaks and New Vulnerabilities Power Attacks

It starts with something simple: a CAPTCHA box on your screen. You type the number you see, because of course you do. That’s what humans do online. But what if that “CAPTCHA” wasn’t a CAPTCHA at all? In this post, I’ll walk you through how old data leaks, lazy telecom verification, and a...

AI score: 6.5
Exploits: 0

Snyk
added 2025/09/15 6:31 p.m. | 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via a "Rich Text" field when processing user-supplied input in web content structures, document types, or custom assets. Details: Cross-site scripting or XSS is a code vulnerability that occurs when an attacker...

CVSS: 6.1 | AI score: 5.2 | EPSS: 0.00044
Exploits: 0 | References: 2

RedhatCVE
added 2025/09/13 2:20 p.m. | 5 views

CVE-2025-10193

DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spend...

CVSS: 7.4 | AI score: 6.9 | EPSS: 0.00036
Exploits: 0 | References: 1

Microsoft CVE
added 2025/09/11 9:43 p.m. | 2 views

ksmbd: limit repeated connections from clients with the same IP

...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00554
Exploits: 1

OSV
added 2025/09/11 2:15 p.m. | 3 views

CVE-2025-10193

DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spend...

CVSS: 7.4 | AI score: 5.8 | EPSS: 0.00036
Exploits: 0 | References: 3

NVD
added 2025/09/11 2:15 p.m. | 15 views

CVE-2025-10193

DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spend...

CVSS: 7.4 | EPSS: 0.00036
Exploits: 0 | References: 3

Vulnrichment
added 2025/09/11 2:5 p.m. | 1 view

CVE-2025-10193 Neo4j Cypher MCP server is vulnerable to DNS rebinding attacks

DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spend...

CVSS: 7.4 | AI score: 6.5 | EPSS: 0.00036
Exploits: 0 | References: 3

CVE
added 2025/09/11 2:5 p.m. | 12 views

CVE-2025-10193

CVE-2025-10193 : DNS rebinding vulnerability in the Neo4j Cypher MCP server allows a malicious website to bypass Same-Origin Policy and trigger unauthorised local tool invocations. The attack relies on a user visiting a crafted site for enough time to succeed. Public details indicate impact on th...

CVSS: 7.4 | AI score: 6.5 | EPSS: 0.00036
Exploits: 0 | References: 3

Cvelist
added 2025/09/11 2:5 p.m. | 17 views

CVE-2025-10193 Neo4j Cypher MCP server is vulnerable to DNS rebinding attacks

DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spend...

CVSS: 7.4 | EPSS: 0.00036
Exploits: 0 | References: 3

RedhatCVE
added 2025/09/11 12:16 a.m. | 11 views

CVE-2025-57278

The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800B10ALKSLV01.01.02P42U1406 does not implement proper session handling. After a user authenticates from a specific IP address, the router grants access to any other client using that same IP, without requiring credentials or...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.00058
Exploits: 1 | References: 1

CNNVD
added 2025/09/11 12:0 a.m. | 3 views

Neo4j MCP Clients & Servers security vulnerability

Neo4j MCP Clients & Servers is a protocol for managing large language model contexts in the Neo4j Contrib open source. A security vulnerability exists in Neo4j MCP Clients & Servers, which stems from a DNS rebinding vulnerability that could lead to bypassing same-origin policy protections and...

CVSS: 7.4 | AI score: 6.4 | EPSS: 0.00036
Exploits: 0 | References: 4

Positive Technologies
added 2025/09/11 12:0 a.m. | 9 views

PT-2025-37184

Name of the Vulnerable Software and Affected Versions: Neo4j Cypher MCP server (affected versions not specified). Description: A DNS rebinding issue exists in the Neo4j Cypher MCP server. This allows malicious websites to circumvent Same-Origin Policy protections and execute unauthorized tool...

CVSS: 7.4 | AI score: 6 | EPSS: 0.00036
Exploits: 0 | References: 10

RedhatCVE
added 2025/09/10 7:19 a.m. | 2 views

CVE-2025-41708

Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission...

CVSS: 7.4 | AI score: 6.9 | EPSS: 0.00093
Exploits: 0 | References: 1

Tenable Nessus
added 2025/09/10 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2017-2479

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.24739
Exploits: 3 | References: 2

Tenable Nessus
added 2025/09/10 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-2367

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves...

CVSS: 6.5 | AI score: 7.4 | EPSS: 0.12422
Exploits: 3 | References: 2

Tenable Nessus
added 2025/09/10 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2016-5168

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information. CVE-2016-5168 Not...

CVSS: 7.5 | AI score: 8 | EPSS: 0.09634
Exploits: 0 | References: 2