Lucene search
+L

44687 matches found

euvd
euvd
added 9 hours ago4 views

EUVD-2026-44823

PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running within the same Python process could share state, including HTTP headers, cookies, browser storage, HTTP...

7.1CVSS6.1AI score
Exploits0References2
euvd
euvd
added yesterday5 views

EUVD-2026-44747

Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit 1518530, contain a remote code execution vulnerability in SearchService that allows remote attackers to execute arbitrary code by delivering malicious JavaScript through controlled search provider content loaded into an Electron...

8.8CVSS6.7AI score
Exploits0References3
nvd
nvd
added yesterday5 views

CVE-2026-52843

Lightpanda is a headless browser designed for AI and automation. Prior to 0.2.9, Lightpanda fetch and XMLHttpRequest unconditionally attached session cookies to every HTTP request, ignoring credentials: omit, credentials: same-origin, credentials: include, and XMLHttpRequest.withCredentials,...

9.3CVSS0.00033EPSS
Exploits0References4
cve
cve
added yesterday6 views

CVE-2026-62685

The CVE affects File Browser prior to version 2.63.17. The issue arises in how user scopes are built from usernames via cleanUsername() when Signup=true and CreateUserDir=true: the many-to-one normalization can collapse usernames such as team/one, team one, and team-one to the same home directory...

8.1CVSS6.1AI score
Exploits0References3
cve
cve
added yesterday5 views

CVE-2026-62843

CVE-2026-62843 affects File Browser (versions 2.63.6–2.63.16). The archive builder calls strings.ReplaceAll(nameInArchive, "\", "/"), which can transform a POSIX filename like ..\..\evil.sh into ../../evil.sh within the generated zip/tar. This enables a user with upload permissions to place a bac...

6.8CVSS6.1AI score
Exploits0References3
euvd
euvd
added yesterday4 views

EUVD-2026-44707

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. From 2.63.6 to 2.63.16, File Browser's archive builder uses strings.ReplaceAllnameInArchive, "", "/", which turns a POSIX filename such as ....\evil.sh into the...

6.8CVSS6.1AI score
Exploits0References3
cvelist
cvelist
added yesterday19 views

CVE-2026-62843 File Browser: Archive builder turns backslash filenames into path traversal (zip-slip)

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. From 2.63.6 to 2.63.16, File Browser's archive builder uses strings.ReplaceAllnameInArchive, "", "/", which turns a POSIX filename such as ....\evil.sh into the...

6.8CVSS
Exploits0References3
attackerkb
attackerkb
added yesterday3 views

CVE-2026-62683

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.17, File Browser can leave a public directory share behind when the shared directory is deleted through a path with a trailing slash because the...

3.1CVSS6.1AI score
Exploits0References4Affected Software1
euvd
euvd
added yesterday2 views

EUVD-2026-44705

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.17, File Browser can leave a public directory share behind when the shared directory is deleted through a path with a trailing slash because the...

3.1CVSS6.1AI score
Exploits0References3
cve
cve
added yesterday6 views

CVE-2026-62683

File Browser (server-side) contains a vulnerability prior to version 2.63.17 where deleting a shared directory with a trailing slash can leave a stale public share behind. The issue arises because the cleanup path calls DeleteWithPathPrefix(file.Path, userID) while the Bolt backend queries the da...

3.1CVSS6.1AI score
Exploits0References3
cvelist
cvelist
added yesterday18 views

CVE-2026-62683 File Browser: Trailing-slash delete leaves a stale public share behind

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.17, File Browser can leave a public directory share behind when the shared directory is deleted through a path with a trailing slash because the...

3.1CVSS
Exploits0References3
euvd
euvd
added yesterday4 views

EUVD-2026-44703

Zen is a firefox-based browser. Prior to 1.19.13b, Zen Browser did not provide a persistent, clearly visible security notification when a webpage entered fullscreen mode, allowing an attacker-controlled page to hide the real browser UI and origin information, imitate a trusted website UI, and...

6.3CVSS6.1AI score0.00027EPSS
Exploits0References1
cve
cve
added yesterday5 views

CVE-2026-45150

Zen Browser is a Firefox-based browser. The CVE-2026-45150 issue affects Zen prior to version 1.19.13b, where there was no persistent, clearly visible security notification when a page entered fullscreen. This could allow an attacker-controlled page to hide the real browser UI and origin informat...

6.3CVSS6.1AI score0.00027EPSS
Exploits0References1
cvelist
cvelist
added yesterday19 views

CVE-2026-45150 Zen Browser - Missing Fullscreen Security Notification Allows Origin Spoofing

Zen is a firefox-based browser. Prior to 1.19.13b, Zen Browser did not provide a persistent, clearly visible security notification when a webpage entered fullscreen mode, allowing an attacker-controlled page to hide the real browser UI and origin information, imitate a trusted website UI, and...

6.3CVSS0.00027EPSS
Exploits0References1
nvd
nvd
added yesterday6 views

CVE-2026-61613

Cursor is a code editor built for programming with AI. Prior to the Cloud Agent fix on 03/31/2026, browser-enabled Cursor Cloud Agent sessions allowed attacker-controlled web content to connect from inside the agent container to an unauthenticated local agent endpoint, enabling code execution...

7.7CVSS
Exploits0References1
redhatcve
redhatcve
added yesterday3 views

CVE-2026-13030

An uninitialized use flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=522840723...

5.3CVSS6AI score0.00186EPSS
Exploits0References5
redhatcve
redhatcve
added yesterday5 views

CVE-2026-53633

A flaw was found in Vitest Browser Mode, a component of the Vitest testing framework. The cdp API exposed raw Chrome DevTools Protocol CDP methods without proper security restrictions. This vulnerability allows a remote attacker, with access to browser API metadata, to leverage CDP functions like...

9.8CVSS6.2AI score0.00585EPSS
Exploits0References13
redhatcve
redhatcve
added yesterday4 views

CVE-2026-47428

A flaw was found in Vitest, a testing framework. In Vitest Browser Mode, a remote attacker could craft a specific browser-runner URL that, when visited, would allow the execution of arbitrary JavaScript code within the Vitest server. This vulnerability could also lead to the recovery of the...

9.6CVSS6.3AI score0.00367EPSS
Exploits0References10
thn
thn
added yesterday6 views

SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough.

For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workflow, and the inspection model stopped keeping up. Enterprise workflows now live across SaaS applications, browsers, and an expanding ecosystem of generative AI tools, unsanctioned...

6.1AI score
Exploits0
nuclei
nuclei
added yesterday62 views

Zoho ManageEngine ADSelfService Plus <=6103 - Cross-Site Scripting

Zoho ManageEngine ADSelfService Plus 6103 and prior contains a reflected cross-site scripting vulnerability on the loadframe page. id: CVE-2021-37416 info: name: Zoho ManageEngine ADSelfService Plus 6103 to mitigate this vulnerability. reference: -...

6.1CVSS6.4AI score0.02934EPSS
Exploits0References4
Rows per page
Query Builder