Lucene search
+L

779 matches found

Cvelist
Cvelist
added 2026/03/23 6:41 p.m.24 views

CVE-2026-0898 An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25.

An arbitrary file-write vulnerability in Pega Browser Extension PBE affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. This vulnerability does not affect Robot Runtime users. A bad actor could create a website that includes...

9CVSS0.00321EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.36 views

PT-2026-27174

An arbitrary file-write vulnerability in Pega Browser Extension PBE affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. This vulnerability does not affect Robot Runtime users. A bad actor could create a website that includes...

9CVSS5.9AI score0.00321EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/20 4:36 a.m.4 views

Malicious Package

Overview trex-proxy-browser-extension-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/20 4:36 a.m.12 views

Malicious code in trex-proxy-browser-extension-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9eb36a59a719cff949c203a03a41c54b637bb1974bdea728b1bc15e837a7db45 The package trex-proxy-browser-extension-sdk was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
CNVD
CNVD
added 2026/03/18 12:0 a.m.4 views

Unspecified Vulnerability in AnythingLLM

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM suffers from a security vulnerability that stems from a suspended user not being blocked on the browser extension API key path in multi-user mode, which can be exploited by an attacker to cause the suspended user to...

2.7CVSS5.8AI score0.00231EPSS
Exploits1
NVD
NVD
added 2026/03/16 2:19 p.m.7 views

CVE-2026-32717

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it does not block them on the browser extension API...

2.7CVSS0.00231EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.13 views

AnythingLLM 安全漏洞

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM suffers from a security vulnerability that stems from a suspended user not being blocked on the browser extension API key path in multi-user mode, which can be exploited by an attacker to cause the suspended user to...

2.7CVSS5.8AI score0.00231EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/13 9:23 p.m.4 views

CVE-2026-32717 AnythingLLM access control bypass: suspended users can continue using Browser Extension API keys

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it does not block them on the browser extension API...

2.7CVSS5.8AI score0.00231EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/13 9:23 p.m.7 views

EUVD-2026-12176

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it does not block them on the browser extension API...

2.7CVSS5.8AI score0.00231EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/13 9:23 p.m.6 views

CVE-2026-32717

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it does not block them on the browser extension API...

2.7CVSS5.8AI score0.00231EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/13 9:23 p.m.37 views

CVE-2026-32717 AnythingLLM access control bypass: suspended users can continue using Browser Extension API keys

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it does not block them on the browser extension API...

2.7CVSS0.00231EPSS
Exploits1References2
CVE
CVE
added 2026/03/13 9:23 p.m.26 views

CVE-2026-32717

AnythingLLM prior to 1.11.2 in multi-user mode suffers an access control bypass where suspended users remain authenticated via browser extension API keys. If a user already has a valid brx-... browser extension API key, it continues to work after suspension, allowing access to browser extension e...

2.7CVSS5.8AI score0.00231EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/13 9:23 p.m.7 views

CVE-2026-32717 AnythingLLM access control bypass: suspended users can continue using Browser Extension API keys

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it does not block them on the browser extension API...

2.7CVSS5.8AI score0.00231EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.7 views

PT-2026-25397

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it does not block them on the browser extension API...

2.7CVSS5.8AI score0.00231EPSS
Exploits1References7
CVE
CVE
added 2026/03/04 9:53 p.m.34 views

CVE-2025-68467

Dark Reader CVE-2025-68467 describes a vulnerability where pre-4.9.117 builds could be used to request a style sheet from a local web server (e.g., http://localhost:8080/style.css) via cross-origin requests. The issue involved cross-origin CSS files being parsed or stored in Session Storage, enab...

3.4CVSS5.8AI score0.00108EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/11 2:49 p.m.6 views

CVE-2026-2345

Proctorio Chrome Extension is a browser extension used for online proctoring. The extension contains multiple window.addEventListener'message', ... handlers that do not properly validate the origin of incoming messages. Specifically, an internal messaging bridge processes messages based solely on...

3.6CVSS5.5AI score0.00064EPSS
Exploits0References2Affected Software1
Malwarebytes
Malwarebytes
added 2026/01/20 2:40 p.m.12 views

Fake extension crashes browsers to trick users into infecting themselves

Researchers have found another method used in the spirit of ClickFix: CrashFix. ClickFix campaigns use convincing lures—historically “Human Verification” screens—to trick the user into pasting a command from the clipboard. After fake Windows update screens, video tutorials for Mac users, and many...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 11:24 a.m.17 views

CVE-2021-31857

In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types...

5.9CVSS6.8AI score0.02671EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:12 a.m.11 views

CVE-2022-0815

Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including; settings being changed...

7.5CVSS7AI score0.00982EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2025/12/18 1:2 p.m.12 views

Chrome extension slurps up AI chats after users installed it for privacy

This case highlights a growing grey area in consumer privacy: data collection that is technically disclosed, but so far outside user expectations that most people would never knowingly agree to it. The next time you tell an AI chat assistant your deepest secrets, think twice; you never know who o...

6.6AI score
Exploits0
Rows per page
Query Builder