Aggregator
Babuk
6 months 1 week ago
cohenido
CVE-2025-2335 | Drivin Soluções up to 20250226 API registerSchool message cross site scripting
6 months 1 week ago
A vulnerability classified as problematic was found in Drivin Soluções up to 20250226. This vulnerability affects unknown code of the file /api/school/registerSchool of the component API Handler. The manipulation of the argument message leads to cross site scripting.
This vulnerability was named CVE-2025-2335. The attack can be initiated remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Four light-years in seconds: how science fiction overcomes the impossible
6 months 1 week ago
What famous films hide from their viewers.
CVE-2025-2334 | 274056675 springboot-openai-chatgpt e84f6f5 Chat History chat deleteChat chatListId access control
6 months 1 week ago
A vulnerability classified as problematic has been found in 274056675 springboot-openai-chatgpt e84f6f5. This affects the function deleteChat of the file /api/mjkj-chat/chat/ai/delete/chat of the component Chat History Handler. The manipulation of the argument chatListId leads to improper access controls.
This vulnerability is uniquely identified as CVE-2025-2334. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
Submit #509834: Drivin Drivin Soluções NA Cross-Site Scripting via API Response Manipulation [Accepted]
6 months 1 week ago
Submit #509834 / VDB-299800
y4g0
A look back at Firefox forks
6 months 1 week ago
Mozilla's conduct over the past few years, such as embracing AI, may leave Firefox users dissatisfied, and they may want to migrate to other browsers. But for most Firefox users, Chrome or Chromium-based browsers are clearly a worse choice, so the only viable option left is a fork of Firefox.
Firefox forks have existed for a long time. Because of Mozilla's trademark usage policy, the free software distribution Debian maintained a fork called Iceweasel, which was discontinued in 2016. The GNU project also adopted Iceweasel, later renamed it GNU IceCat, and has maintained it to this day; IceCat 115.20.0esr, based on Firefox 115.20.0, is the latest ESR release. The most obvious difference between GNU IceCat and Firefox is that it replaces JavaScript with LibreJS, which may cause a large number of websites to stop working properly. IceCat suits users who champion the free software ethos and do not care about functionality.
Floorp is another fork, developed by the Japanese student community Ablaze. Floorp was originally based on Chromium and switched to Firefox in 2022; the first such version was Floorp v7, and the latest is Floorp 11.23.1, based on Firefox ESR 128.8.0.
The LibreWolf project, started in 2020, mainly removes non-free features from Firefox, such as telemetry, DRM and Pocket integration, and disables Firefox Sync. The latest LibreWolf release is 135.0.1, based on Firefox 135.
The Zen browser project is the newest Firefox fork and is currently in beta; its latest version is 1.8.2b, based on Firefox 135.0.1, and its user interface differs greatly from Firefox's.
Other forks include Basilisk, Waterfox and Pale Moon. But all of the forks depend on Mozilla to do most of the development work.
Submit #505688: 274056675 Web No version commitID e84f6f5 Improper Access Controls [Accepted]
6 months 1 week ago
Submit #505688 / VDB-299799
2024 Year in Review
6 months 1 week ago
I never expected a year-in-review post to be something people would nag me to publish.
Tr0y
One line of code broke Exchange Online worldwide
6 months 1 week ago
Instead of bringing improvements, the updates caused mass outages.
CVE-2025-29891
6 months 1 week ago
Currently trending CVE - Hype Score: 1 - Bypass/Injection vulnerability in Apache Camel.
This issue affects Apache Camel: from 4.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4.
Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x ...
CVE-2025-1661
6 months 1 week ago
Currently trending CVE - Hype Score: 1 - The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 'template' parameter of the woof_text_search AJAX action. This makes it possible for unauthenticated ...
CVE-2019-25222 | nik00726 Thumbnail Carousel Slider Plugin up to 1.0.4 on WordPress id sql injection
6 months 1 week ago
A vulnerability was found in nik00726 Thumbnail Carousel Slider Plugin up to 1.0.4 on WordPress. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation of the argument id leads to sql injection.
This vulnerability is handled as CVE-2019-25222. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-2325 | boopathi0001 WP Test Email Plugin up to 1.1.8 on WordPress cross site scripting
6 months 1 week ago
A vulnerability was found in boopathi0001 WP Test Email Plugin up to 1.1.8 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2025-2325. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-13497 | tripetto Form Builder Plugin for Contact Forms, Surveys and Quizzes Attachment Upload cross site scripting
6 months 1 week ago
A vulnerability was found in tripetto Form Builder Plugin for Contact Forms, Surveys and Quizzes up to 8.0.9 on WordPress. It has been classified as problematic. Affected is an unknown function of the component Attachment Upload Handler. The manipulation leads to basic cross site scripting.
This vulnerability is traded as CVE-2024-13497. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-2164 | pixelstats Plugin up to 0.8.2 on WordPress post_id/sortby cross site scripting
6 months 1 week ago
A vulnerability was found in pixelstats Plugin up to 0.8.2 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation of the argument post_id/sortby leads to cross site scripting.
The identification of this vulnerability is CVE-2025-2164. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-2163 | Zoorum Comments Plugin up to 0.9 on WordPress Setting zoorum_set_options cross site scripting
6 months 1 week ago
A vulnerability has been found in Zoorum Comments Plugin up to 0.9 on WordPress and classified as problematic. This vulnerability affects the function zoorum_set_options of the component Setting Handler. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2025-2163. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-1773 | ShineTheme Travel Booking WordPress Theme up to 3.1.8 on WordPress multiple cross site scripting
6 months 1 week ago
A vulnerability, which was classified as problematic, was found in ShineTheme Travel Booking WordPress Theme up to 3.1.8 on WordPress. This affects an unknown part. The manipulation of the argument multiple leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2025-1773. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-13847 | wponlinesupport Portfolio and Projects Plugin up to 1.5.3 on WordPress Setting cross site scripting
6 months 1 week ago
A vulnerability, which was classified as problematic, has been found in wponlinesupport Portfolio and Projects Plugin up to 1.5.3 on WordPress. Affected by this issue is some unknown functionality of the component Setting Handler. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2024-13847. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-2295 | TianoCore EDK2 up to edk2-stable202502 integer overflow (GHSA-8522-69fh-w74x)
6 months 1 week ago
A vulnerability classified as problematic was found in TianoCore EDK2 up to edk2-stable202502. Affected by this vulnerability is an unknown functionality. The manipulation leads to integer overflow.
This vulnerability is known as CVE-2025-2295. The attack can be launched remotely. There is no exploit available.
vuldb.com