14 matches found
WordPress plugin EmergencyWP – Dead Man's switch & legacy deliverance cross-site request forgery vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
FreeBSD : Firefox -- Multiple vulnerabilities (1124a7b0-1338-11f1-a55d-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1124a7b0-1338-11f1-a55d-b42e991fc52e advisory. CVE-2026-2807: Memory safety bugs present in Firefox 147 and Thunderbird 147. CVE-2026-2806:...
CVE-2026-2803
Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...
CVE-2026-2803
Information disclosure, mitigation bypass in the Settings UI component. This vulnerability affects Firefox 148 and Thunderbird 148...
CVE-2026-2803 Information disclosure, mitigation bypass in the Settings UI component
Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...
CVE-2026-2803
CVE-2026-2803 affects Mozilla Firefox and Mozilla Thunderbird. The issue is an information disclosure with mitigation bypass in the Settings UI component, fixed in Firefox 148 and Thunderbird 148. Connected advisories confirm affected products and versions, and note remediation to update to the l...
CVE-2026-2803
Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...
Firefox -- Multiple vulnerabilities
CVE-2026-2807: Memory safety bugs present in Firefox 147 and Thunderbird 147. CVE-2026-2806: Uninitialized memory in the Graphics: Text component. CVE-2026-2805: Invalid pointer in the DOM: Core & HTML component. CVE-2026-2804: Use-after-free in the JavaScript: WebAssembly component. CVE-2026-2803...
CVE-2023-5964 1E-Exchange-DisplayMessage instruction allows for arbitrary code execution
The 1E-Exchange-DisplayMessage instruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This...
Information disclosure in settings UI and API responses - ownCloud
The settings page and some API responses of a few ownCloud apps contained plaintext credentials...
CVE-2021-0369
In CrossProfileAppsServiceImpl.java, there is the possibility of an application's INTERACT_ACROSS_PROFILES grant state not displaying properly in the setting UI due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...
PT-2021-13048 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android version Android-11. Description: The issue is caused by a logic error in the code of CrossProfileAppsServiceImpl.java, which can lead to an application's INTERACT_ACROSS_PROFILES grant state not displaying properly in the setting UI...
Spoofing
In the settings UI, there is a possible spoofing vulnerability due to a missing permission check. This could lead to a user mistakenly changing permission settings with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...
Privilege escalation
An application with overlay permission can display overlays on top of settings UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2...