Linux Distros Unpatched Vulnerability : CVE-2024-11694
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web...
Linux Distros Unpatched Vulnerability : CVE-2025-6427
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections...
COOKiES Consent Management - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-092
This module allows you to manage video media items using the COOKiES module disabling external video elements. These elements will be enabled again, once the COOKiES banner is accepted. The module doesn't sufficiently check whether to convert "data-src" attributes to "src" when their value might...
CVE-2025-53630 Integer Overflow in GGUF Parser can lead to Heap Out-of-Bounds Read/Write in gguf
llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the gguf_init_from_file_impl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability is fixed in commit 26a48ad699d50b6268900062661bd22f3e792579...
Mozilla Firefox Security Bypass Vulnerability (CNVD-2025-15499)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox, which stems from the fact that the connect-src directive can be bypassed; it can be exploited by attackers to bypass security restrictions...
Security Vulnerabilities fixed in Thunderbird 140 — Mozilla
A use-after-free in FontFaceSet resulted in a potentially exploitable crash. An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. Th...
CVE-2025-6427
An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox 140 and Thunderbird 140...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox, which stems from the fact that the connect-src directive can be bypassed; it can be exploited by attackers to bypass security restrictions...
Security Vulnerabilities fixed in Firefox 140 — Mozilla
A use-after-free in FontFaceSet resulted in a potentially exploitable crash. An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. Th...
MAL-2025-5179 Malicious code in axiom-src (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a03340569d36ca27ecb2ccddc04dd1ee351061a883a2b94494e35b47ffe9f6f3 Any computer that has this package installed or running should be considered...
PT-2025-26121
Vulnerable software and affected versions: Linux kernel, affected versions not specified. Description: A kernel panic can occur if any driver attempts to use the PXO SRC, as the gcc driver does not provide it since it is a fixed-clock. The issue has been resolved by replacing the gcc PXO...
ROS-20250616-06
UPX executable packer vulnerability is related to buffer overflow in PackLinuxElf64::un_DT_INIT of the src/p_lx_elf.cpp file. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
VulnCheck KEV: CVE-2021-39312
The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the /admin/vendor/datatables/examples/resources/examples.php file...
DRUPAL-CONTRIB-2025-075
This module provides a format filter, which allows you to "disable" certain HTML elements e.g. remove their src attribute specified by the user. These elements will be enabled again, once the COOKiES banner is accepted. The module doesn't sufficiently check whether to convert "data-src" attribute...
CVE-2023-27728
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vm_code.c...
CVE-2022-4399
A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to SQL injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It ...
CVE-2021-35290
File Upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via rich text editor on /admin/main/mod-blog page...
CVE-2021-38291
FFmpeg version git commit de8e6e67e7523e48bb27ac224a0b446df05e1640 suffers from an assertion failure at src/libavutil/mathematics.c...
CVE-2021-33360
An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, child_process, and/or filePath parameters...