Medium Severity Vulnerabilities
128.7K CVEs classified as medium severity
Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability affects Thunderbird < 128.7 a...
Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted H...
Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Ch...
Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Med...
Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium securi...
Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Hig...
When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the input file, and i...
In versions 3.1.0 and lower of the Splunk Supporting Add-on for Active Directory, also known as SA-ldapsearch, a vulnerable regular expression pattern could lead to a Regular Expression Denial of Serv...
The Jupiter X Core plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.8.7 via the inline SVG feature. This makes it possible for authenticated attackers,...
HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.
When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is...
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption an...
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user/update_...
A vulnerability has been found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /u...
A vulnerability, which was classified as critical, was found in code-projects Point of Sales and Inventory Management System 1.0. Affected is an unknown function of the file /user/minus_cart.php. The ...
A vulnerability, which was classified as critical, has been found in code-projects Point of Sales and Inventory Management System 1.0. This issue affects some unknown processing of the file /user/sear...
A vulnerability classified as critical was found in code-projects Point of Sales and Inventory Management System 1.0. This vulnerability affects unknown code of the file /user/search.php. The manipula...
A vulnerability classified as critical has been found in code-projects Point of Sales and Inventory Management System 1.0. This affects an unknown part of the file /user/plist.php. The manipulation of...
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user/del...
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions,...
A Denial of Service (DoS) vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability is due to improper handling of form-data with a large filena...
A Server-Side Request Forgery (SSRF) vulnerability was discovered in gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability allows an attacker to construct a response link by saving the respon...
A Server-Side Request Forgery (SSRF) vulnerability was identified in langgenius/dify version 0.10.2. The vulnerability occurs in the 'Create Knowledge' section when uploading DOCX files. If an externa...