34 matches found
CVE-2026-7959
An inappropriate implementation flaw was found in the Navigation component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496645205...
SUSE CVE-2026-7959
Inappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...
Linux Distros Unpatched Vulnerability : CVE-2026-7959
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass...
DEBIAN-CVE-2026-7959
Inappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-7959
CVE-2026-7959 affects Google Chrome prior to 148.0.7778.96. The vulnerability is described as an Inappropriate implementation in Navigation that could allow a remote attacker who has compromised the renderer process to bypass site isolation via a crafted HTML page. Connected sources (DEBIAN-CVE-2...
CVE-2026-7959
Inappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...
CVE-2020-7959
LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognize...
CVE-2025-7959 Station Pro <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via width and height Parameters
The Station Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' and 'height' parameters in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2025-7959
CVE-2025-7959 concerns the Station Pro plugin for WordPress, which is vulnerable to a Stored Cross-Site Scripting (XSS) flaw via the width and height parameters in all versions up to and including 2.4.2. The vulnerability requires an attacker with at least Contributor access to inject script that...
WordPress Station Pro plugin <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via width and height Parameters vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via width and height Parameters vulnerability discovered by Peter Thaleikis in WordPress Plugin Station Pro versions <= 2.4.2...
CVE-2024-7959
The /openai/models endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the...
CVE-2024-7959 SSRF in open-webui/open-webui
The /openai/models endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the...
CVE-2024-7959
The CVE-2024-7959 entry affects open-webui/open-webui v0.3.8, where the /openai/models endpoint is vulnerable to SSRF. An attacker can modify the OpenAI URL without validation, causing the endpoint to issue requests to arbitrary URLs and return the response, potentially exposing internal services...
CGA-H3GQ-GWHC-7959
Bulletin has no description...
Rocky Linux 9 : guestfs-tools (RLSA-2022:7959)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7959 advisory. - A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the getkeys function. This flaw...
Oracle Linux 9 : guestfs-tools (ELSA-2022-7959)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7959 advisory. - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz2102721 Tenable has extracted the preceding description block directly from the Oracle...
RHEL 9 : guestfs-tools (RHSA-2022:7959)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7959 advisory. guestfs-tools is a set of tools that can be used to make batch configuration changes to guests, get disk used/free statistics, perform backups and...
CVE-2020-7959
LabVantage LIMS 8.3 contains an information-disclosure vulnerability where the web app can reveal database names. An attacker can enumerate databases by sending a crafted request and receiving an Unrecognized Database exception when the database does not exist. Public exploits exist (e.g., Exploi...