
38 matches found

Vulnrichment
added 2026/03/19 8:47 p.m. · 2 views

CVE-2026-27491 Discourse has a bypass of official warnings messages by non-staff users

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a type coercion issue in a post actions API endpoint allowed non-staff users to issue warnings to other users. Warnings are a staff-only moderation feature. The vulnerability required the...

CVSS 6.9 · AI score 5.8 · EPSS 0.00048
Exploits: 0 · References: 4
PyPA
added 2026/03/18 2:16 a.m. · 8 views

PYSEC-2026-103

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...

CVSS 9.1 · AI score 5.7 · EPSS 0.00011
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2026/03/18 1:15 a.m. · 31 views

CVE-2026-28500 ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...

CVSS 8.6 · EPSS 0.00011
Exploits: 0 · References: 2
Cvelist
added 2025/12/05 3:19 a.m. · 31 views

CVE-2025-27389 Application Installation Source Verification Flaw May Lead to Risk Detection Bypass

A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning...

CVSS 5.1 · EPSS 0.0002
Exploits: 0 · References: 1
Tenable Nessus
added 2025/11/18 12:00 a.m. · 3 views

Mozilla Firefox < 61.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 61.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-15 advisory. - Mozilla developers and community members Alex Gaynor, Christoph Diehl, Christian Holler, Jason Kratzer, David...

CVSS 9.8 · AI score 8.3 · EPSS 0.04919
Exploits: 3 · References: 19
Tenable Nessus
added 2025/11/18 12:00 a.m. · 2 views

Mozilla Firefox ESR < 60.1

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-16 advisory. - Mozilla developers and community members Alex Gaynor, Christoph Diehl, Christian Holler, Jason Kratzer,...

CVSS 9.8 · AI score 8.3 · EPSS 0.04919
Exploits: 2 · References: 16
RedhatCVE
added 2025/11/05 11:10 p.m. · 6 views

CVE-2025-64106

Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables specially crafted deep-links to bypass the standard security warnings and conceal executed commands from users if they choose to accept the...

CVSS 8.8 · AI score 7.3 · EPSS 0.0005
Exploits: 0 · References: 1
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2007-4681

Malware in sbrugna...

CVSS 7.5 · AI score 6.4 · EPSS 0.00322
Exploits: 1 · References: 9
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2010-1265

Malware in sbrugna...

CVSS 4.3 · AI score 6.2 · EPSS 0.00242
Exploits: 1 · References: 4
AlpineLinux
added 2025/06/24 1:15 p.m. · 2 views

CVE-2025-6426

The executable file warning did not warn users before opening files with the terminal extension. This bug only affects Firefox for macOS. Other versions of Firefox are unaffected. This vulnerability affects Firefox 140, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12...

CVSS 8.8 · AI score 6.5 · EPSS 0.00138
Exploits: 0 · References: 5
CNNVD
added 2025/04/03 12:00 a.m. · 2 views

WinRAR Security Vulnerability

WinRAR is a file compressor from WinRAR. The product supports compression and decompression of files in RAR, ZIP, and other formats, among others. A security vulnerability exists in WinRAR versions prior to 7.11 that stems from a symbolic link bypassing the security warning feature, which could...

CVSS 6.8 · AI score 7 · EPSS 0.00089
Exploits: 0 · References: 2
Positive Technologies
added 2025/03/28 12:00 a.m. · 2 views

PT-2025-14579 · Winrar · Winrar

Name of the Vulnerable Software and Affected Versions: WinRAR versions prior to 7.11 Description: A security issue exists in WinRAR that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file. If a symbolic link specially...

CVSS 9 · AI score 7.9 · EPSS 0.00089
Exploits: 0 · References: 46
Cvelist
added 2023/12/19 1:38 p.m. · 22 views

CVE-2023-6871

Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox 121...

AI score 5.7 · EPSS 0.00167
Exploits: 0 · References: 3
Debian CVE
added 2023/12/19 1:38 p.m. · 31 views

CVE-2023-6871

Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox 121...

CVSS 4.3 · AI score 7.1 · EPSS 0.00167
Exploits: 0
OSV
added 2022/12/22 8:15 p.m. · 2 views

CVE-2022-46875

The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 108, Firefox ESR 102.6, and...

CVSS 6.5 · AI score 7.4 · EPSS 0.00396
Exploits: 0 · References: 6
OSV
added 2022/01/14 8:15 p.m. · 2 views

CVE-2021-44714

Acrobat Reader DC version 21.007.20099 and earlier, 20.004.30017 and earlier and 17.011.30204 and earlier are affected by a Violation of Secure Design Principles that could lead to a Security feature bypass. Acrobat Reader DC displays a warning message when a user clicks on a PDF file, which coul...

CVSS 3.3 · AI score 5.8 · EPSS 0.00388
Exploits: 0 · References: 1
OSV
added 2020/04/17 6:15 p.m. · 3 views

DEBIAN-CVE-2020-11880

An issue was discovered in KDE KMail before 19.12.3. By using the proprietary non-RFC6068 "mailto?attach=..." parameter, a website or other source of mailto links can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an...

CVSS 6.5 · AI score 6 · EPSS 0.00269
Exploits: 0 · References: 1
OSV
added 2020/04/17 6:15 p.m. · 2 views

UBUNTU-CVE-2020-11880

An issue was discovered in KDE KMail before 19.12.3. By using the proprietary non-RFC6068 "mailto?attach=..." parameter, a website or other source of mailto links can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an...

CVSS 6.5 · AI score 6.4 · EPSS 0.00269
Exploits: 0 · References: 6
CNVD
added 2020/04/14 12:00 a.m. · 3 views

Cisco Webex Meetings Access Control Error Vulnerability

Cisco Webex Meetings is a set of video conferencing solutions from Cisco USA. An access control error vulnerability exists in the Multimedia Viewer feature of Cisco Webex Meetings, which originates from a security warning dialog box that does not pop up when the host of the meeting room views a...

CVSS 3.5 · AI score 6.9 · EPSS 0.00123
Exploits: 0
Mozilla
added 2018/08/09 12:00 a.m. · 520 views

Security vulnerabilities fixed in Thunderbird 60 — Mozilla

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when deleti...

CVSS 9.8 · AI score 9.4 · EPSS 0.04919
Exploits: 0 · References: 15 · Affected Software: 1