There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best =…

Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on…

Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set…

Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even…

Control characters were not removed when exporting user feedback content. This allowed attackers to include unexpected content via user feedback and potentially break the exported…

IPv4-mapped IPv6 addresses did not get recognized as “local” by the code and a connection attempt is made. Attackers with access to user accounts could…

When adding an external mail account, processing of SMTP “capabilities” responses are not limited to plausible sizes. Attacker with access to a rogue SMTP service…

When adding an external mail account, processing of IMAP “capabilities” responses are not limited to plausible sizes. Attacker with access to a rogue IMAP service…