Lucene search
+L

121 matches found

NVD
NVD
added 2026/07/09 11:17 p.m.6 views

CVE-2026-57501

Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu actions, Open link in glance and Split link in new tab, load a page-controlled link URL with the System principal instead of the originating page's principal, allowing a malicious web page to place a link t...

0.0029EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/09 10:27 p.m.6 views

CVE-2026-57501

Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu actions, Open link in glance and Split link in new tab, load a page-controlled link URL with the System principal instead of the originating page's principal, allowing a malicious web page to place a link t...

6AI score0.0029EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/07/09 10:27 p.m.12 views

CVE-2026-57501

Summary: CVE-2026-57501 affects Zen, a Firefox-based browser. Before version 1.21.5b, the contextual actions “Open link in glance” and “Split link in new tab” could load a page-controlled link URL with the System principal rather than the originating page’s principal, allowing a malicious page to...

6AI score0.0029EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/09 10:27 p.m.37 views

CVE-2026-57501 Zen: Context-menu "Open link in glance" / "Split link in new tab" loads a page-controlled link with the System principal, bypassing the web-content scheme restriction

Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu actions, Open link in glance and Split link in new tab, load a page-controlled link URL with the System principal instead of the originating page's principal, allowing a malicious web page to place a link t...

0.0029EPSS
Exploits0References3
OSV
OSV
added 2026/07/09 10:27 p.m.3 views

CVE-2026-57501 Zen: Context-menu "Open link in glance" / "Split link in new tab" loads a page-controlled link with the System principal, bypassing the web-content scheme restriction

Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu actions, Open link in glance and Split link in new tab, load a page-controlled link URL with the System principal instead of the originating page's principal, allowing a malicious web page to place a link t...

6.1AI score0.0029EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.7 views

PT-2026-57005

Name of the Vulnerable Software and Affected Versions Zen versions prior to 1.21.5b Description In the glance and split-view context-menu actions, specifically Open link in glance and Split link in new tab, the browser loads a page-controlled link URL using the System principal instead of the...

6.1AI score0.0029EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Firefox

When a user opened the Web Extensions context menu, the Web Extension could access the post-redirect URL of the clicked element. If the Web Extension did not have the necessary WebRequest permissions for the hosts involved in the redirection, this would constitute a same-origin violation, allowin...

4.3CVSS6AI score0.00329EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in the Web Browser UI of Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. Chromium security severity: Low...

6.5CVSS6.6AI score0.01268EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/04 12:1 a.m.7 views

Malicious Package

Overview @bcs-react-ui/context-menu is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/04 12:1 a.m.8 views

MAL-2026-3269 Malicious code in @bcs-react-ui/context-menu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22d7735468c4f2cdf66767c4b52a6a089b195ea5bb820b82a03690fb0c9586bc The package @bcs-react-ui/context-menu was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.4 views

CVE-2026-33051

Craft CMS is a content management system CMS. In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user...

5.4CVSS5.7AI score0.00243EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/20 5:56 a.m.3 views

CVE-2026-33051 Craft CMS Vulnerable to Stored XSS in Revision Context Menu

Craft CMS is a content management system CMS. In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user...

5.3CVSS5.7AI score0.00243EPSS
Exploits0References3
CVE
CVE
added 2026/03/20 5:56 a.m.20 views

CVE-2026-33051

Craft CMS 5.9.x versions 5.9.0-beta.1 through 5.9.10 are affected by a Stored XSS in the revision/draft context menu. The issue arises from rendering the creator’s fullName as raw HTML due to Template::raw() used with Craft::t() interpolation, allowing a low-privilege CP user to inject an XSS pay...

5.4CVSS5.7AI score0.00243EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/20 5:56 a.m.26 views

CVE-2026-33051 Craft CMS Vulnerable to Stored XSS in Revision Context Menu

Craft CMS is a content management system CMS. In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user...

5.3CVSS0.00243EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/20 5:56 a.m.4 views

CVE-2026-33051

Craft CMS is a content management system CMS. In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user...

5.3CVSS5.7AI score0.00243EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/18 12:58 p.m.10 views

Craft CMS Vulnerable to Stored XSS in Revision Context Menu

The revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user e.g., Author can set their fullName to an XSS payload via the profile editor, then crea...

5.4CVSS5.8AI score0.00243EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/18 12:58 p.m.8 views

GHSA-3X4W-MXPF-FHQQ Craft CMS Vulnerable to Stored XSS in Revision Context Menu

The revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user e.g., Author can set their fullName to an XSS payload via the profile editor, then crea...

5.3CVSS5.8AI score0.00243EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.9 views

PT-2026-25645

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

7.1CVSS5.8AI score0.00268EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.6 views

PT-2026-25651

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

7.1CVSS5.8AI score0.00268EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.15 views

PT-2026-25647

An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out‑of‑bounds write, potentially leading to code execution...

7.8CVSS5.9AI score0.00269EPSS
Exploits1References6
Rows per page
Query Builder