Lucene search
K

42 matches found

Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.11 views

PT-2026-42752

Name of the Vulnerable Software and Affected Versions Sync-in versions prior to 2.3 Description An issue exists in the URL download feature where the private IP blocklist regex fails to match IPv4-mapped IPv6 addresses, such as ::ffff:127.0.0.1. On dual-stack systems, Node.js may report a socket'...

7.7CVSS5.5AI score0.00221EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2026/04/08 9:20 p.m.5 views

CVE-2026-5900

Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass of multi-download protections via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00159EPSS
Exploits0
NVD
NVD
added 2025/12/02 7:15 p.m.5 views

CVE-2025-13637

Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass download protections via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00181EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/02 12:0 a.m.6 views

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, Inc USA. A security vulnerability exists in Google Chrome prior to version 143.0.7499.41, which stems from an improper implementation of the download feature that could allow a remote attacker to bypass download protection via a specially crafted HTML...

4.3CVSS6AI score0.00181EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2019-5085

Malware in sbrugna...

6.5CVSS7.9AI score0.00706EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-25147

Malicious code in bioql PyPI...

8.8CVSS9.2AI score0.00765EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/05/22 6:34 p.m.7 views

CVE-2021-32748

Nextcloud Richdocuments in an open source self hosted online office. Nextcloud uses the WOPI "Web Application Open Platform Interface" protocol to communicate with the Collabora Editor, the communication between these two services was not protected by a credentials or IP check. Whilst this does n...

4.3CVSS6.9AI score0.00986EPSS
Exploits0References1
CNVD
CNVD
added 2024/12/04 12:0 a.m.8 views

Security Bypass Vulnerability in Multiple Mozilla Products (CNVD-2024-48561)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...

9.8CVSS9.1AI score0.00833EPSS
Exploits0References1
OSV
OSV
added 2024/11/28 6:37 a.m.10 views

SUSE-SU-2024:4086-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 128.5.0 ESR, fixed various security fixes and other quality improvements, MFSA 2024-64 bsc1233695: CVE-2024-11691: Memory corruption in Apple GPU drivers CVE-2024-11692: Select list elements could be shown...

9.8CVSS7.9AI score0.00833EPSS
Exploits0References11
CNNVD
CNNVD
added 2024/11/26 12:0 a.m.5 views

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...

9.8CVSS6.5AI score0.00833EPSS
Exploits0References7
OSV
OSV
added 2024/04/27 6:26 a.m.4 views

MGASA-2024-0153 Updated firefox packages fix security vulnerabilities

CVE-2024-3852: GetBoundName in the JIT returned the wrong object CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement CVE-2024-3857: Incorrect JITting of arguments led to use-after-free during garbage collection CVE-2024-2609: Permission prompt input delay could expire when not ...

8.8CVSS6.8AI score0.00847EPSS
Exploits2References4
OpenVAS
OpenVAS
added 2023/10/27 12:0 a.m.20 views

SUSE: Security Advisory (SUSE-SU-2023:4212-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.1AI score0.01585EPSS
Exploits0References4
OSV
OSV
added 2023/10/26 8:36 a.m.4 views

SUSE-SU-2023:4213-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - Updated to version 115.4.0 ESR bsc1216338. - CVE-2023-5721: Fixed a potential clickjack via queued up rendering. - CVE-2023-5722: Fixed a cross-Origin size and header leakage. - CVE-2023-5723: Fixed unexpected errors when handling inval...

9.8CVSS7.3AI score0.01585EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2023/02/15 3:33 a.m.2 views

SUSE CVE-2022-1874

Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a remote attacker to bypass downloads protection policy via a crafted HTML page...

8.8CVSS8.3AI score0.00765EPSS
Exploits1References5
OSV
OSV
added 2022/12/13 3:59 p.m.6 views

SUSE-SU-2022:4461-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 102.6.0 ESR bsc1206242: - CVE-2022-46880: Use-after-free in WebGL - CVE-2022-46872: Arbitrary file read from a compromised content process - CVE-2022-46881: Memory corruption in WebGL - CVE-2022-46874: Dra...

9.8CVSS9AI score0.00921EPSS
Exploits0References9
OSV
OSV
added 2022/07/27 10:15 p.m.2 views

UBUNTU-CVE-2022-1874

Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a remote attacker to bypass downloads protection policy via a crafted HTML page...

8.8CVSS7.3AI score0.00765EPSS
Exploits1References2
NVD
NVD
added 2021/07/27 9:15 p.m.32 views

CVE-2021-32748

Nextcloud Richdocuments in an open source self hosted online office. Nextcloud uses the WOPI "Web Application Open Platform Interface" protocol to communicate with the Collabora Editor, the communication between these two services was not protected by a credentials or IP check. Whilst this does n...

4.3CVSS0.00986EPSS
Exploits0References3
Prion
Prion
added 2021/07/27 9:15 p.m.16 views

Design/Logic Flaw

Nextcloud Richdocuments in an open source self hosted online office. Nextcloud uses the WOPI "Web Application Open Platform Interface" protocol to communicate with the Collabora Editor, the communication between these two services was not protected by a credentials or IP check. Whilst this does n...

4CVSS4.6AI score0.00986EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/07/27 9:10 p.m.83 views

CVE-2021-32748

The CVE-2021-32748 issue affects Nextcloud Richdocuments, where WOPI API calls between Richdocuments and Collabora Editor lacked credentials/IP-based access checks. This allowed bypassing watermarks/download protections configured via File Access Control, though it did not grant access to data un...

4.3CVSS4.6AI score0.00986EPSS
Exploits0References3Affected Software1
The Hacker News
The Hacker News
added 2021/06/04 6:1 a.m.64 views

Google Chrome to Help Users Identify Untrusted Extensions Before Installation

Google on Thursday said it's rolling out new security features to Chrome browser aimed at detecting suspicious downloads and extensions via its Enhanced Safe Browsing feature, which it launched a year ago. To this end, the search giant said it will now offer additional protections when users...

0.6AI score
Exploits0
Rows per page
Query Builder