CVE-2026-47114

IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv-prefixed query parameters through the iina://open custom URL scheme handler. Attackers can deliver a crafted URL via a browser that pass...

dnssec-trigger bug fix update

An update is available for dnssec-trigger. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list dnssec-trigger reconfigures the local Unbound DNS server after each...

CVE-2026-47114

IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv-prefixed query parameters through the iina://open custom URL scheme handler. Attackers can deliver a crafted URL via a browser that pass...

Astra Linux – Vulnerability in Firefox

Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it received a redirect header to an external protocol, the browser would process the redirect and prompt the user appropriately. This vulnerability affects Firefox versions earlier than 102...

Astra Linux – Vulnerability in Firefox

When a user has already allowed a website to access the microphone and camera, disabling camera sharing does not completely prevent the website from re-enabling them without an additional prompt. This is only possible if the website continues to record with the microphone until the camera is...

CVE-2025-64401

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "floating frames" linke...

CVE-2025-64405 Apache OpenOffice: Remote documents loaded without prompt via DDE function

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, Calc spreadsheet containing DDE links to...

CVE-2025-64404

CVE-2025-64404 affects Apache OpenOffice up to version 4.1.15. The issue is a missing Authorization vulnerability that allows an attacker to craft a document containing links (specifically background fill or bullet images) that would cause external files to be loaded without prompting the user. A...

CVE-2025-64401 Apache OpenOffice: Remote documents loaded without prompt via IFrame

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "floating frames" linke...

CVE-2025-64401 Apache OpenOffice: Remote documents loaded without prompt via IFrame

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "floating frames" linke...

EUVD-2005-1477

Malware in sbrugna...

EUVD-2007-1081

Malware in sbrugna...

EUVD-2008-3177

Malware in sbrugna...

EUVD-2007-4407

Malware in sbrugna...

EUVD-2019-0914

Malware in sbrugna...

EUVD-2025-6831

Malicious code in bioql PyPI...

EUVD-2025-28538

Malicious code in bioql PyPI...

EUVD-2025-19087

Malicious code in bioql PyPI...

EUVD-2024-38674

Malicious code in bioql PyPI...

CVE-2025-10015 TCC Bypass via Downloader XPC Service in Sparkle

The Sparkle framework includes an XPC service Downloader.xpc, by default this service is private to the application its bundled with. A local unprivileged attacker can register this XPC service globally which will inherit TCC permissions of the application. Lack of validation of connecting client...