Security Vulnerabilities
Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-06-24
When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-06-24
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-06-23
PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in update-class-pic.php.
CVSS Score
7.5
EPSS Score
0.004
Published
2025-06-23
PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in update-teacher-pic.php.
CVSS Score
7.5
EPSS Score
0.004
Published
2025-06-23
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to the UserService component
CVSS Score
9.8
EPSS Score
0.003
Published
2025-06-23
A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-06-23
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-06-23
An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie.
CVSS Score
8.1
EPSS Score
0.0
Published
2025-06-23
A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-06-23