Lorenzo

#11180of 53,625
24.6Total CVSS
Vulnerabilities · 4
Medium
2
High
2
PT-2026-27396
7.8
2026-01-01
Mozilla · Firefox Esr · CVE-2026-4697
**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 149 Firefox ESR versions prior to 140.9 Thunderbird versions prior to 149 Thunderbird versions prior to 140.9 **Description** The Audio/Video: Web Codecs component contains incorrect boundary conditions. **Recommendations** Update Firefox to version 149 or later. Update Firefox ESR to version 140.9 or later. Update Thunderbird to version 149 or later. Update Thunderbird to version 140.9 or later.
PT-2006-2137
4.3
2006-03-09
Aztek · Aztek Forum · CVE-2006-1110
**Name of the Vulnerable Software and Affected Versions** Aztek Forum version 4.0 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the message body in a new message, which can lead to cross-site scripting (XSS) attacks. **Recommendations** For Aztek Forum version 4.0, update to a version that fixes this issue, or as a temporary workaround, consider validating and sanitizing user input in the message body to prevent arbitrary script injection.
PT-2006-2138
7.5
2006-03-09
Aztek · Aztek Forum · CVE-2006-1111
**Name of the Vulnerable Software and Affected Versions** Aztek Forum version 4.0 **Description** The issue allows remote attackers to obtain sensitive information by exploiting a weakness in the `msg` parameter to the "index.php" endpoint, which can reveal usernames and passwords in a MySQL error message. This is possibly due to a forced SQL error or SQL injection. **Recommendations** For Aztek Forum version 4.0, consider restricting access to the `index.php` endpoint or avoiding the use of the `msg` parameter with a "*/*" value until a fix is available. As a temporary workaround, restrict database error messages to prevent sensitive information disclosure.
PT-2006-2139
5.0
2006-03-09
Aztek · Aztek Forum · CVE-2006-1112
**Name of the Vulnerable Software and Affected Versions** Aztek Forum version 4.0 **Description** The issue allows remote attackers to obtain sensitive information via a long login value in a register form. This is achieved by triggering a MySQL error message that displays the installation path. **Recommendations** For Aztek Forum version 4.0, consider restricting access to the register form to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using long login values in the register form to prevent the display of sensitive information in MySQL error messages.