Lucene search
K

422 matches found

Positive Technologies
Positive Technologies
added 2024/08/21 12:0 a.m.14 views

PT-2024-6290 · Google +4 · Google Chrome +4

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 128.0.6613.84 Description: The issue is related to insufficient policy enforcement in Data Transfer, allowing a remote attacker to leak cross-origin data via a crafted HTML page if the user engages in specific ...

9.6CVSS5.4AI score0.19272EPSS
Exploits27References272
Redos
Redos
added 2024/08/15 12:0 a.m.26 views

ROS-20240815-08

Vulnerability in the ANGLE component of Google Chrome browser is related to out-of-bounds recording. Exploitation of the of the vulnerability could allow an attacker acting remotely to exploit the heap corruption with a a specially crafted HTML page V8 JavaScript script handler V8 vulnerability i...

8.8CVSS6.4AI score0.00783EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/06/20 12:0 a.m.74 views

Microsoft Edge (Chromium) < 126.0.2592.68 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 126.0.2592.68. It is, therefore, affected by multiple vulnerabilities as referenced in the June 20, 2024 advisory. - Microsoft Edge Chromium-based Spoofing Vulnerability CVE-2024-38082, CVE-2024-38093 - Type Confusion ...

8.8CVSS7.1AI score0.01123EPSS
Exploits0References13
CNVD
CNVD
added 2024/06/04 12:0 a.m.9 views

Google Chrome Code Execution Vulnerability (CNVD-2024-26520)

Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in versions prior to Google Chrome 125.0.6422.141, which can be exploited by remote attackers to cause heap corruption via specially crafted HTML pages...

8.8CVSS7AI score0.00638EPSS
Exploits1References1
CNVD
CNVD
added 2024/06/04 12:0 a.m.12 views

Google Chrome Code Execution Vulnerability (CNVD-2024-26521)

Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in versions prior to Google Chrome 125.0.6422.141, which can be exploited by remote attackers to cause heap corruption via specially crafted HTML pages...

8.8CVSS7AI score0.00738EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/05/30 12:0 a.m.12 views

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in versions prior to Google Chrome 125.0.6422.141, which can be exploited by remote attackers to cause heap corruption via specially crafted HTML pages...

8.8CVSS9AI score0.00638EPSS
Exploits1References5
Veracode
Veracode
added 2024/03/27 6:36 a.m.22 views

Cross-Site Scripting

github.com/mattermost/mattermost-server is vulnerable to Cross-Site Scripting. The vulnerability is due to improper escaping of user-controlled outputs when generating HTML pages. This flaw allows an attacker to execute scripts in the context of another user's browser session...

6.1CVSS6.7AI score0.00309EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/19 12:0 a.m.7 views

PT-2024-2642 · Google +3 · Google Chrome +3

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 123.0.6312.58 Description: The issue is related to incorrect security UI in Google Chrome, allowing a remote attacker to perform UI spoofing via a crafted HTML page. This can be achieved by exploiting the...

9.8CVSS6.3AI score0.99735EPSS
Exploits129References1073
Veracode
Veracode
added 2024/03/16 9:10 p.m.26 views

Use After Free

chromium is vulnerable to Use After Free.The vulnerability is due to improper handling of memory when processing crafted HTML pages, leading to potential heap corruption...

8.8CVSS6.5AI score0.007EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2024/03/15 9:19 a.m.25 views

CVE-2024-2445 Reflected XSS in Mattermost Jira plugin

Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to escape user-controlled outputs when generating HTML pages, which allows an attacker to perform reflected cross-site scripting attacks agains...

6.1CVSS6.2AI score0.00309EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/15 9:19 a.m.17 views

CVE-2024-2445 Reflected XSS in Mattermost Jira plugin

Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to escape user-controlled outputs when generating HTML pages, which allows an attacker to perform reflected cross-site scripting attacks agains...

6.1CVSS6.1AI score0.00309EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/03/06 12:0 a.m.75 views

Fedora 39 : chromium (2024-9ce64d8940)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-9ce64d8940 advisory. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 Tenable has extracted the...

8.8CVSS8.3AI score0.02578EPSS
Exploits3References3
Veracode
Veracode
added 2024/01/31 7:21 a.m.15 views

Cross Site Scripting (XSS)

@tanstack/react-query-next-experimental is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper handling of the id variable within the createHydrationStreamProvider method, which allows an attacker to inject arbitrary JavaScript when react-query-next-experimental preforms...

8.2CVSS6.2AI score0.00385EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/01/31 6:56 a.m.19 views

Cross Site Scripting (XSS)

@apollo/experimental-nextjs-app-support is vulnerable to Cross Site Scripting XSS. The vulnerability due to improper sanitization during server-side rendering of HTML pages, which allows an attacker to perform XSS...

8.2CVSS6.2AI score0.00385EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/01/30 8:57 p.m.23 views

GHSA-997G-27X8-43RF react-query-streamed-hydration Cross-site Scripting vulnerability

Impact The @tanstack/react-query-next-experimental NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or arrange to have malicious input be returned from an endpoint. This vulnerability arises from improper...

8.2CVSS6.8AI score0.00385EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/01/10 12:0 a.m.10 views

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. A numeric error vulnerability exists in versions prior to Google Chrome 120.0.6099.216, which stems from insufficient data validation. An attacker can exploit the vulnerability to install malicious extensions via specially crafted...

5.3CVSS8.8AI score0.00429EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/01/05 12:0 a.m.60 views

Microsoft Edge (Chromium) < 120.0.2210.121 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.121. It is, therefore, affected by multiple vulnerabilities as referenced in the January 5, 2024 advisory. - Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had...

8.8CVSS7.4AI score0.10114EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2023/10/10 12:0 a.m.16 views

PT-2023-6540 · Google +5 · Google Chrome +5

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 118.0.5993.117 Microsoft Edge versions prior to 118.0.5993.117 Description: The issue is related to a use after free in the Profiles component, which can be exploited by a remote attacker using a crafted HTML...

10CVSS7.8AI score0.99735EPSS
Exploits128References1116
Positive Technologies
Positive Technologies
added 2023/10/10 12:0 a.m.7 views

PT-2023-5912 · Google +4 · Google Chrome +4

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 118.0.5993.70 Description: The issue is related to an inappropriate implementation in the Input component of Google Chrome, which allowed a remote attacker to spoof security UI via a crafted HTML page. This cou...

9.8CVSS6.3AI score0.99735EPSS
Exploits128References1114
RedHat Linux
RedHat Linux
added 2023/10/09 11:3 a.m.5 views

libvpx: crash related to VP9 encoding in libvpx

A heap-based buffer overflow flaw was found in libvpx, a library used to process VP9 video codecs data. This issue occurs when processing certain specially formatted video data via a crafted HTML page, allowing an attacker to crash or remotely execute arbitrary code in an application, such as a w...

7.5CVSS7.8AI score0.01936EPSS
Exploits0References4
Rows per page
Query Builder