Lucene search
K

7 matches found

EUVD
EUVD
added 2026/06/09 3:51 a.m.13 views

EUVD-2026-35343

Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery SSRF attack. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18...

4.2CVSS5.5AI score0.00123EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-24672

Malicious code in bioql PyPI...

8.3CVSS6.6AI score0.00359EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/16 8:11 a.m.5 views

CVE-2025-27388

Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens...

8.3CVSS7.6AI score0.00359EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/01/25 3:30 p.m.7 views

Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive

The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser...

6.5CVSS7.3AI score0.00641EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/01/25 3:18 p.m.5 views

Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive

The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser...

6.5CVSS7.3AI score0.00641EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2022/01/19 12:0 a.m.4 views

The vulnerability in the isolated iframe of the Thunderbird email client, as well as browsers Firefox and Firefox ESR, relates to improper handling of user data. This allows an attacker to perform a spoofing attack.

The vulnerability of the Thunderbird email client, as well as browsers Firefox and Firefox ESR, is related to the improper handling of user data. Exploiting this vulnerability allows a malicious actor to perform a spoofing attack when executing a program and processing an external URL request...

6.4CVSS6.7AI score0.00737EPSS
Exploits1References12Affected Software8
OSV
OSV
added 2021/11/24 5:15 p.m.6 views

CVE-2021-22049

The vSphere Web Client FLEX/Flash contains an SSRF Server Side Request Forgery vulnerability in the vSAN Web Client vSAN UI plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an...

9.8CVSS5.8AI score0.01673EPSS
Exploits0References1
Rows per page
Query Builder