8015 matches found
SolarWinds Platform cross-site scripting vulnerability
SolarWinds Platform is a unified monitoring, observability, and service management platform from U.S.-based SolarWinds, Inc. A cross-site scripting vulnerability exists in SolarWinds Platform that stems from susceptibility to a cross-site scripting attack that affects the search and node...
SolarWinds Platform 2024.0 < 2024.4.1 XSS
The version of SolarWinds Platform installed on the remote host is prior to 2024.4.1. It is, therefore, affected by a vulnerability as referenced in the solarwindsplatform202441 advisory. - The SolarWinds Platform was susceptible to an XSS vulnerability that affects the search and node information...
The vulnerability of the Autofill function in Microsoft Edge and Google Chrome browsers allows attackers to carry out spear-phishing attacks.
The vulnerability of the Autofill function in Microsoft Edge and Google Chrome browsers is related to information representation errors in the user interface. Exploiting this vulnerability can allow attackers to carry out phishing attacks using a specially created HTML page...
Vulnerabilities fixed in Zabbix
Zabbix has fixed vulnerabilities in the Zabbix server and frontend. The vulnerabilities include a stack buffer overflow in the zbxsnmpcachehandleengineid function, which can lead to execution of arbitrary code or a denial of service. In addition, there is an SQL injection vulnerability that allow...
@10play/tentap-editor (>=0.5.27 <=0.7.5-alpha.0), @adminjs/design-system (>=3.0.0 <=4.0.3) +131 more potentially affected by CVE-2025-14284 via @tiptap/extension-link (>=2.0.0-beta.18 <=2.10.3)
@tiptap/extension-link NPM version =2.0.0-beta.18, =0.5.27, =3.0.0, =0.4.1, =3.0.0-alpha.1, =0.0.1, =0.2.1, =0.2.0, =0.1.0, =0.28.0, =3.4.0, =1.2.0, =0.0.3, =0.4.1 and more Source cves: CVE-2025-14284 Source advisory: SNYK:JS-TIPTAPEXTENSIONLINK-14222197...
SUSE CVE-2024-42332
The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attac...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird lies in improper restrictions on the displayed layers of the user interface, which allows attackers to perform spear-phishing attacks.
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to an improper limitation on the visually displayed layers of the user interface. Exploiting this vulnerability allows a malicious actor to perform spear-phishing attacks remotely...
DEBIAN-CVE-2024-42332
The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attac...
KLA77550 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions, spoof user interface, cause denial of service. Below is a complete list of vulnerabilities: 1. Memor...
KLA77549 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, spoof user interface, cause denial of service. Below is a complete list of vulnerabilities: 1. Memory safety vulnerability can be...
KLA77600 SUI vulnerability in Microsoft Dynamics
Security UI vulnerability was found in Microsoft Dynamics. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2024-49053 Related products Microsoft-Dynamics-365 CVE list CVE-2024-49053 high Solution Install necessary updates from the KB section, that a...
KLA77556 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions, spoof user interface, cause denial of service. Below is a complete list of vulnerabilities: 1. Memory...
The vulnerability of the Device OAuth protocol implementation on the software platform based on Git for collaborative code development in GitLab EE/CE allows a perpetrator to gain unauthorized access to the API.
The vulnerability of the Device OAuth protocol implementation on the software platform based on Git for collaborative code development in GitLab EE/CE is related to an incorrect restriction on the visible layers of the user interface. Exploiting this vulnerability could allow a malicious actor,...
The vulnerability of the Navigation section in the Google Chrome browser is related to insufficient compliance with policies, which allows attackers to escalate their privileges.
The vulnerability of the Navigation section in the Google Chrome browser is related to insufficient compliance with policies. Exploiting this vulnerability allows a remote attacker to escalate their privileges through a series of actions on the user interface...
The vulnerability of Google Chrome’s Blink rendering module allows a hacker to replace the user interface.
The vulnerability of Google Chrome’s Blink rendering module is related to improper implementation. Exploiting this vulnerability allows a remote attacker to replace the user interface with a specially created HTML page...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in WebApp installations in Google Chrome on Windows prior to version 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing through a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Extensions in Google Chrome on Windows prior to version 128.0.6613.84 allowed a remote attacker to perform UI spoofing through a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Use after free in Media Stream in Google Chrome before version 126.0.6478.182 allowed a remote attacker who convinced a user to perform certain UI gestures to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...