Lucene search
K

362 matches found

NVD
NVD
added 2024/11/26 2:15 p.m.12 views

CVE-2024-11692

An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...

4.3CVSS0.00469EPSS
Exploits0References6
OSV
OSV
added 2024/11/26 2:15 p.m.9 views

CVE-2024-11692

An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...

4.3CVSS5.8AI score
Exploits0References6
OSV
OSV
added 2024/11/26 2:15 p.m.1 views

UBUNTU-CVE-2024-11692

An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...

4.3CVSS6.7AI score0.00469EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2024/11/26 1:33 p.m.9 views

CVE-2024-11692

An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...

6.1AI score0.00469EPSS
Exploits0References5
CVE
CVE
added 2024/11/26 1:33 p.m.306 views

CVE-2024-11692

CVE-2024-11692 describes a spoofing-related issue in Mozilla Firefox/Thunderbird where a select dropdown could be rendered over another tab, causing user confusion. The vulnerability affects Firefox versions before 133, Firefox ESR before 128.5, Thunderbird before 133, and Thunderbird before 128....

4.3CVSS6AI score0.00469EPSS
Exploits0References6Affected Software2
Cvelist
Cvelist
added 2024/11/26 1:33 p.m.31 views

CVE-2024-11692

An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...

0.00469EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2024/11/26 1:33 p.m.14 views

CVE-2024-11692

An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...

4.3CVSS6AI score0.00469EPSS
Exploits0
CNNVD
CNNVD
added 2024/11/26 12:0 a.m.2 views

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...

4.3CVSS6.5AI score0.00469EPSS
Exploits0References7
Mozilla
Mozilla
added 2024/11/26 12:0 a.m.21 views

Security Vulnerabilities fixed in Thunderbird 128.5 — Mozilla

Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. This bug only affected the application on Apple M series hardware. Other platforms were unaffected. An attacker could cause a select...

9.8CVSS7.5AI score0.00833EPSS
Exploits0References10Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/11/26 12:0 a.m.10 views

Mozilla Thunderbird < 128.5

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 128.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-68 advisory. - Memory safety bugs present in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4. So...

9.8CVSS7.7AI score0.00833EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2024/11/26 12:0 a.m.12 views

Mozilla Firefox < 133.0

The version of Firefox installed on the remote Windows host is prior to 133.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-63 advisory. - A double-free issue could have occurred in secpkcs7decoderstartdecrypt when handling an error path. Under specific...

9.8CVSS7.5AI score0.00919EPSS
Exploits0References18
OSV
OSV
added 2024/10/17 6:15 p.m.5 views

CVE-2024-49217

Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a through 1.1...

9.8CVSS5.8AI score0.00463EPSS
Exploits0References1
Veracode
Veracode
added 2024/10/17 7:22 a.m.6 views

Data Validation Bypass

Gradio is vulnerable to a Data Validation Bypass vulnerability. The vulnerability is due to improper enforcement of input constraints due to the pre-processing step in the Dropdown component, allowing attackers to send custom requests with arbitrary values even when the allowcustomvalue parameter...

7.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.5 views

PT-2024-33353 · Unknown · Madiri Salman Aashish

Name of the Vulnerable Software and Affected Versions: Madiri Salman Aashish versions n/a through 1.1 Description: The issue is related to Incorrect Privilege Assignment in the registration system, allowing Privilege Escalation when adding drop down roles. This can be exploited due to the incorre...

9.8CVSS6.9AI score0.00463EPSS
Exploits0References6
Snyk
Snyk
added 2024/10/10 10:11 p.m.3 views

Improper Input Validation

Overview gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Improper Input Validation through the Dropdown component's pre-processing step. An attacker can manipulate input data by sending custom requests with...

6.9CVSS7AI score
Exploits0References2
OSV
OSV
added 2024/10/10 10:11 p.m.11 views

GHSA-26JH-R8G2-6FPR Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list

Impact What kind of vulnerability is it? Who is impacted? This vulnerability is a data validation issue in the Gradio Dropdown component's pre-processing step. Even if the allowcustomvalue parameter is set to False, attackers can bypass this restriction by sending custom requests with arbitrary...

6.9CVSS7.4AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/10/10 10:11 p.m.17 views

Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list

Impact What kind of vulnerability is it? Who is impacted? This vulnerability is a data validation issue in the Gradio Dropdown component's pre-processing step. Even if the allowcustomvalue parameter is set to False, attackers can bypass this restriction by sending custom requests with arbitrary...

7.4AI score
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/10 12:0 a.m.4 views

PT-2024-40012 · Gradio · Gradio

Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 5.0 Description: This issue is a data validation problem in the Gradio Dropdown component's pre-processing step. It allows attackers to bypass input constraints by sending custom requests with arbitrary values, even...

6.9CVSS7.4AI score
Exploits0References3
OSV
OSV
added 2024/09/25 1:15 a.m.4 views

CVE-2024-8103

The WP Category Dropdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' parameter in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

5.4CVSS5.9AI score0.00325EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/09/25 12:0 a.m.4 views

WordPress plugin WP Category Dropdown 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.8AI score0.00325EPSS
Exploits0References7
Rows per page
Query Builder