Xxe

An XXE XML External Entity vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network...

Design/Logic Flaw

The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be...

Design/Logic Flaw

When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a...

Design/Logic Flaw

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox 121...

Design/Logic Flaw

Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. This issue only affects Android versions of Firefox and Firefox Focus. This vulnerability affects Firefox 121...

Race condition

A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR 115.6, Thunderbird 115.6, and Firefox 121...

Design/Logic Flaw

The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerabili...

Code injection

EncryptingOutputStream was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR 115.6 and Firefox 121...

Heap overflow

The nsWindow::PickerOpenvoid method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR 115.6, Thunderbird 115.6, and Firefox 121...

Heap overflow

Firefox was susceptible to a heap buffer overflow in nsTextFragment due to insufficient OOM handling. This vulnerability affects Firefox ESR 115.6, Thunderbird 115.6, and Firefox 121...

Code injection

A dialog element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox 121...

Design/Logic Flaw

When resolving a symlink, a race may occur where the buffer passed to readlink may actually be smaller than necessary. This bug only affects Firefox on Unix-based operating systems Android, Linux, MacOS. Windows is unaffected. This vulnerability affects Firefox ESR 115.6, Thunderbird 115.6, and...

Code injection

The VideoBridge allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR 115.6, Thunderbird 115.6, and Firefox 121...

Memory corruption

Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR 115.6,...

Memory corruption

Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 121...

Design/Logic Flaw

The ShutdownObserver was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR 115.6, Thunderbird 115.6, and Firefox 121...

Design/Logic Flaw

Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox 121...

Information disclosure

Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. This vulnerability affects Firefox 121...

Code injection

TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox 121...

Code injection

Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox 121...

Heap overflow

The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR 115.6, Thunderbird 115.6, and Firefox 121...

Heap overflow

A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perfevent's readsize can overflow, leading to an heap out-of-bounds increment or write in perfreadgroup. We recommend upgrading past commit...

Design/Logic Flaw

A use-after-free was identified in the nsDNSService::Init. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR 115.6 and Thunderbird 115.6...

Race condition

A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past...

Command injection

A vulnerability has been found in pedroetb tts-api up to 2.1.4 and classified as critical. This vulnerability affects the function onSpeechDone of the file app.js. The manipulation leads to os command injection. Upgrading to version 2.2.0 is able to address this issue. The patch is identified as...

Deserialization of untrusted data

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...

Cross site scripting

A vulnerability has been found in SourceCodester Online Student Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file edit-student-detail.php. The manipulation of the argument notmsg leads to cross site scripting. The attack ca...

Cross site scripting

Reflective Cross Site Scripting XSS vulnerability in KodExplorer version 4.51, allows attackers to obtain sensitive information and escalate privileges via the APPHOST parameter at config/i18n/en/main.php...

Code injection

Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1...

Sql injection

A wherein JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the...

Code injection

An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write permissions to these charts.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2...

Cross site request forgery (csrf)

Cross Site Request Forgery CSRF vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in smp7, wp.Insider Simple Membership allows Reflected XSS.This issue affects Simple Membership: from n/a through 4.3.8...

Cross site scripting

The Jquery news ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jquery-news-ticker' shortcode in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

Design/Logic Flaw

IBM UrbanCode Deploy UCD 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512...

Cross site scripting

The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ihrss-gallery' shortcode in versions up to, and including, 13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

Improper access control

A vulnerability was found in Ethex Contracts. It has been classified as critical. This affects an unknown part of the file EthexJackpot.sol of the component Monthly Jackpot Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product do...

Information disclosure

A vulnerability was found in Corveda PHPSandbox 1.3.4 and classified as critical. Affected by this issue is some unknown functionality of the component String Handler. The manipulation leads to protection mechanism failure. The attack may be launched remotely. Upgrading to version 1.3.5 is able t...

Cross site scripting

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'subutton', 'sumembers', and 'sutabs' shortcodes in all versions up to, and including, 7.0.0 due to insufficient input sanitization and output escaping on user supplie...

Design/Logic Flaw

with only one user interactiondownload a malicious config, attackers can gain full command execution on the victim system...

Design/Logic Flaw

Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file...

Stack overflow

Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file...

Code injection

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Perfect Images Manage Image Sizes, Thumbnails, Replace, Retina.This issue affects Perfect Images Manage Image Sizes, Thumbnails, Replace, Retina: from n/a through 6.4.5...

Cross site request forgery (csrf)

Missing Authorization, Cross-Site Request Forgery CSRF vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects WP EXtra: from n/a through 6.2...

Authorization

Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Delete Duplicate Posts: from n/a through 4.8.9...

Cross site request forgery (csrf)

Missing Authorization, Cross-Site Request Forgery CSRF vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects Participants Database: from n/a through 2.5.5...

Deserialization of untrusted data

Deserialization of Untrusted Data vulnerability in Gordon Böhme, Antonio Leutsch Structured Content JSON-LD wpsc.This issue affects Structured Content JSON-LD wpsc: from n/a through 1.5.3...

Race condition

Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Ricard Torres Thumbs Rating.This issue affects Thumbs Rating: from n/a through 5.0.0...

Deserialization of untrusted data

Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress.This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.18...

Design/Logic Flaw

A flaw was found in the libssh implements abstract layer for message digest MD operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the...