7 matches found
EUVD-2026-35343
Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery SSRF attack. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18...
EUVD-2025-24672
Malicious code in bioql PyPI...
CVE-2025-27388
Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens...
Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive
The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser...
Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive
The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser...
The vulnerability in the isolated iframe of the Thunderbird email client, as well as browsers Firefox and Firefox ESR, relates to improper handling of user data. This allows an attacker to perform a spoofing attack.
The vulnerability of the Thunderbird email client, as well as browsers Firefox and Firefox ESR, is related to the improper handling of user data. Exploiting this vulnerability allows a malicious actor to perform a spoofing attack when executing a program and processing an external URL request...
CVE-2021-22049
The vSphere Web Client FLEX/Flash contains an SSRF Server Side Request Forgery vulnerability in the vSAN Web Client vSAN UI plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an...