
31 matches found

NVD
added 5 days ago · 5 views

CVE-2026-49336

@microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, @microsoft/kiota-http-fetchlibrary's RedirectHandler is documented as stripping Authorization and Cookie from cross-origin redirect targets, bu...

6.9 CVSS · 0.0065 EPSS
Exploits 0 · References 2
Positive Technologies
added 5 days ago · 13 views

PT-2026-51008

Name of the Vulnerable Software and Affected Versions: @microsoft/kiota-http-fetchlibrary versions 1.0.0-preview.97 through 1.0.0-preview.101 Description: The RedirectHandler in the library fails to properly remove sensitive headers during cross-origin redirects. While it is intended to strip...

6.9 CVSS · 5.8 AI score · 0.0065 EPSS
Exploits 0 · References 5
AstraLinux
added 2026/05/20 5:53 a.m. · 4 views

Astra Linux - Vulnerability in firefox, thunderbird

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 102. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefo...

8.8 CVSS · 7.6 AI score · 0.00748 EPSS
Exploits 0 · References 2
AstraLinux
added 2026/05/20 5:53 a.m. · 3 views

Astra Linux - Vulnerability in thunderbird

An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email’s date will be displayed. If the dates are different, then Thunderbird does not report the email as having an invalid signature. I...

6.5 CVSS · 6.7 AI score · 0.00409 EPSS
Exploits 0 · References 1
AstraLinux
added 2026/05/20 5:53 a.m. · 2 views

Astra Linux - Vulnerability in chromium

Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass the same-origin policy via a crafted clipboard content...

6.5 CVSS · 6.8 AI score · 0.00695 EPSS
Exploits 0 · References 2
AstraLinux
added 2026/05/03 11:59 p.m. · 2 views

Astra Linux – Vulnerability in Firefox, Thunderbird

A malicious website that could create a popup might resize the popup to overlay the address bar with its own content, causing potential confusion for users or leading to spoofing attacks. This bug only affects Thunderbird for Linux. Other operating systems are unaffected. This vulnerability...

6.5 CVSS · 6.8 AI score · 0.00744 EPSS
Exploits 0 · References 1
AstraLinux
added 2026/05/03 11:59 p.m. · 2 views

Astra Linux – Vulnerability in Firefox and Thunderbird

An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

8.8 CVSS · 6.9 AI score · 0.00937 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-37429

Malicious code in bioql PyPI...

6.1 CVSS · 7.8 AI score · 0.00406 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/05/22 9:54 p.m. · 9 views

CVE-2022-34469

When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user explicitly. This bug...

8.8 CVSS · 8.8 AI score · 0.00366 EPSS
Exploits 0 · References 1
OSV
added 2024/02/02 7:15 a.m. · 1 views

CVE-2024-23978

Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected products are no longer supported...

9.8 CVSS · 6.2 AI score · 0.0065 EPSS
Exploits 0 · References 2
CNNVD
added 2024/02/02 12:0 a.m. · 2 views

KDDI HOME SPOT CUBE2 Security Vulnerability

KDDI HOME SPOT CUBE2 is a home wireless router from KDDI Japan. A security vulnerability exists in KDDI HOME SPOT CUBE2 version V102 and prior versions. An attacker can exploit the vulnerability to remotely execute code...

9.8 CVSS · 6.9 AI score · 0.0065 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/02/01 12:0 a.m. · 5 views

PT-2024-19053 · Unknown · Home Spot Cube2

Name of the Vulnerable Software and Affected Versions: HOME SPOT CUBE2 versions V102 and earlier Description: A stack-based buffer overflow vulnerability exists, which may result in a denial of service (DoS) condition when processing a specially crafted command. The affected products are no longer...

7.5 CVSS · 7.6 AI score · 0.0065 EPSS
Exploits 0 · References 9
Amazon
added 2023/09/25 12:0 a.m. · 5 views

Important: firefox

Issue Overview: A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Mozilla developers and the Mozilla Fuzzing Team reporting memory safety bugs in Firefox 102. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort...

8.8 CVSS · 9.9 AI score · 0.00905 EPSS
Exploits 0
SUSE CVE
added 2023/02/15 3:33 a.m. · 2 views

SUSE CVE-2022-1859

Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page...

8.8 CVSS · 8.9 AI score · 0.00677 EPSS
Exploits 0 · References 5
SUSE CVE
added 2023/02/15 3:24 a.m. · 2 views

SUSE CVE-2022-34485

Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

9.8 CVSS · 9.2 AI score · 0.00712 EPSS
Exploits 0 · References 7
CNNVD
added 2023/02/14 12:0 a.m. · 5 views

SAP CRM Cross-Site Scripting Vulnerability

SAP CRM is a customer relationship management system from SAP, Germany. A cross-site scripting vulnerability exists in SAP CRM WebClient UI WEBCUIF version 748, version 800, version 801, S4FND version 102, version 103, which stems from not adequately coding user input...

5.4 CVSS · 5.3 AI score · 0.00345 EPSS
Exploits 0 · References 3
OSV
added 2022/12/22 8:15 p.m. · 2 views

DEBIAN-CVE-2022-40957

Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash. This bug only affects Firefox on ARM64 platforms. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

6.5 CVSS · 7 AI score · 0.01082 EPSS
Exploits 0 · References 1
Prion
added 2022/12/22 8:15 p.m. · 14 views

Design/Logic Flaw

When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version. This...

4.3 CVSS · 6.9 AI score · 0.00248 EPSS
Exploits 0 · References 2 · Affected Software 1
Prion
added 2022/12/22 8:15 p.m. · 19 views

Design/Logic Flaw

Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox 102...

5.8 CVSS · 6.7 AI score · 0.00406 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2022/12/22 12:0 a.m. · 4 views

CVE-2022-36320

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 103...

7.2 AI score · 0.00656 EPSS
Exploits 0 · References 2