9799 matches found

EUVD
added 1 hour ago, 2 views

EUVD-2026-40531

Use after free in DOM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.2 AI score
Exploits: 0, References: 3
CVE
added yesterday, 3 views

CVE-2026-13845

The CVE-2026-13845 entry concerns Google Chrome with a use-after-free in the DOM that allows a remote attacker to execute arbitrary code inside the browser sandbox via a crafted HTML page. Affected product/version pattern is Chrome prior to 150.0.7871.47, with the severity labeled as High. The vu...

6.2 AI score
Exploits: 0, References: 2
RedHat Linux
added yesterday, 4 views

firefox: thunderbird: Sandbox escape in the DOM: Navigation component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the DOM: Navigation component...

9.6 CVSS, 5.7 AI score, 0.00393 EPSS
Exploits: 0, References: 6
RedHat Linux
added yesterday, 3 views

firefox: thunderbird: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

6.5 CVSS, 5.7 AI score, 0.00248 EPSS
Exploits: 0, References: 6
Nuclei
added yesterday, 10 views

VDO.Ninja - DOM-Based Cross-Site Scripting

VDO.Ninja 28.0 to 28.3 contains a reflected XSS caused by improper sanitization of the room parameter in examples/control.html, letting remote attackers execute scripts, exploit requires crafted URL. id: CVE-2025-62613 info: name: VDO.Ninja - DOM-Based Cross-Site Scripting author: 0xAkoko severit...

6.9 CVSS, 5.9 AI score, 0.01099 EPSS
Exploits: 0, References: 3
Nuclei
added yesterday, 9 views

Hoppscotch <= 2026.2.1 - Open Redirect

Hoppscotch <= 2026.2.1 is vulnerable to a DOM-based open redirect on the /enter page. The redirect query parameter is passed directly to window.location.href with no origin validation. Requires one additional query parameter to trigger. Exploited via a crafted URL such as...

6.1 CVSS, 5.8 AI score, 0.00401 EPSS
Exploits: 1, References: 2
RedHat Linux
added 2 days ago, 6 views

firefox: thunderbird: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

9.1 CVSS, 5.7 AI score, 0.00251 EPSS
Exploits: 0, References: 6
Nuclei
added 2 days ago, 41 views

Yonyou U8 13.0 - Cross-Site Scripting

Yonyou U8 13.0 contains a DOM-based cross-site scripting vulnerability via the component /u8sl/WebHelp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials...

6.1 CVSS, 6.3 AI score, 0.37682 EPSS
Exploits: 1, References: 5
Nuclei
added 3 days ago, 47 views

Ghost CMS <=4.32 - Cross-Site Scripting

Ghost CMS 4.0.0 to 4.3.2 contains a DOM cross-site scripting vulnerability. An unused endpoint added during the development of 4.0.0 allows attackers to gain access by getting logged-in users to click a link containing malicious code. id: CVE-2021-29484 info: name: Ghost CMS <=4.32 - Cross-Site...

6.8 CVSS, 6.5 AI score, 0.07935 EPSS
Exploits: 1, References: 7
Nuclei
added 3 days ago, 40 views

WordPress Elementor Website Builder <3.1.4 - Cross-Site Scripting

WordPress Elementor Website Builder plugin before 3.1.4 contains a DOM cross-site scripting vulnerability. It does not sanitize or escape user input appended to the DOM via a malicious hash. id: CVE-2021-24891 info: name: WordPress Elementor Website Builder <3.1.4 - Cross-Site Scripting author:...

6.1 CVSS, 6.2 AI score, 0.24006 EPSS
Exploits: 1, References: 4
Tenable Nessus
added 5 days ago, 8 views

RockyLinux 9 : thunderbird (RLSA-2026:29940)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:29940 advisory. firefox: thunderbird: Sandbox escape in the DOM: Workers component CVE-2026-12294 firefox: thunderbird: Information disclosure, sandbox escape in the...

9.6 CVSS, 5.8 AI score, 0.00476 EPSS
Exploits: 0, References: 59
Tenable Nessus
added 5 days ago, 7 views

SUSE SLES12: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2026:2583-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2583-1 advisory. Update to Firefox 140.12.0 ESR MFSA 2026-58, bsc1268071: - CVE-2026-12289: Privilege escalation in the Graphics: WebRender component. -...

9.6 CVSS, 5.9 AI score, 0.00476 EPSS
Exploits: 0, References: 60
RedHat Linux
added 6 days ago, 4 views

firefox: thunderbird: JIT miscompilation in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the DOM: Core & HTML component...

7.5 CVSS, 5.8 AI score, 0.00306 EPSS
Exploits: 0, References: 6
OSV
added 6 days ago, 3 views

ALSA-2026:29940 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Sandbox escape in the DOM: Workers component CVE-2026-12294 firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component CVE-2026-12313 firefox:...

9.6 CVSS, 5.8 AI score, 0.00476 EPSS
Exploits: 0, References: 60
CVE
added last week, 10 views

CVE-2026-52807

Summary (supported by provided docs): Gogs is affected by a DOM-based XSS in the New Issue page when a milestone name contains HTML/JS payloads. The root cause involves client-side rendering: milestone names are rendered with Go’s escaping in new_form.tmpl, but Semantic UI 2.4.2 uses preserveHTML...

4.8 CVSS, 5.9 AI score, 0.00483 EPSS
Exploits: 0, References: 4
OSV
added last week, 5 views

OESA-2026-2735 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and...

9.6 CVSS, 6 AI score, 0.00476 EPSS
Exploits: 0, References: 30
Tenable Nessus
added 2026/06/24 12:0 a.m., 11 views

AlmaLinux 10 : firefox (ALSA-2026:27733)

The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:27733 advisory. firefox: thunderbird: Sandbox escape in the DOM: Workers component CVE-2026-12294 firefox: thunderbird: Information disclosure, sandbox escape in the...

9.6 CVSS, 5.8 AI score, 0.00476 EPSS
Exploits: 0, References: 31
Github Security Blog
added 2026/06/23 5:2 p.m., 8 views

Gogs has DOM-based XSS via Milestone Name on New Issue Page

Summary The fix for GHSA-vgjm-2cpf-4g7c DOM-based XSS via milestone selection was only applied to templates/repo/issue/viewcontent.tmpl but not to templates/repo/issue/newform.tmpl. An attacker can store an HTML/JavaScript payload in a milestone name, and when any user opens the New Issue page an...

4.8 CVSS, 6 AI score, 0.00483 EPSS
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2026/06/23 1:27 p.m., 2 views

SUSE-SU-2026:2583-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox 140.12.0 ESR MFSA 2026-58, bsc1268071: - CVE-2026-12289: Privilege escalation in the Graphics: WebRender component. - CVE-2026-12290: Memory safety bug fixed in Firefox ESR 140.12. - CVE-2026-12291: Use-after-free in the...

9.6 CVSS, 5.9 AI score, 0.00476 EPSS
Exploits: 0, References: 31
Positive Technologies
added 2026/06/23 12:0 a.m., 7 views

PT-2026-51625

Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Gitea affected versions not specified Description A stored DOM-based Cross-Site Scripting XSS issue exists where an attacker can store an HTML or JavaScript payload in a milestone name. When a user opens th...

4.8 CVSS, 6 AI score, 0.00483 EPSS
Exploits: 0, References: 10