Lucene search
K

605 matches found

Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.16 views

PT-2026-38356

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons for Elementor: from n/a through 3.20.8...

5.3CVSS5.8AI score0.00336EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

WordPress plugin Happy Addons for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.8AI score0.00336EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/20 2:7 p.m.116 views

Exploit for CVE-2025-68999

CVE-2025-68999 Happy Addons for Elementor = 3.20.4 —...

8.5CVSS5.9AI score0.00253EPSS
Exploits2
Patchstack
Patchstack
added 2026/04/16 3:36 p.m.6 views

WordPress HAPPY plugin <= 1.0.10 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin HAPPY versions = 1.0.10...

5.8AI score0.00307EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/03/29 3:23 p.m.5 views

EUVD-2026-16893

Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies...

7.5CVSS5.8AI score0.00458EPSS
Exploits1References6
vulnersOsv
vulnersOsv
added 2026/03/29 3:23 p.m.6 views

07-calito-router (>=0.0.2 <=0.0.4), @01.software/cli (>=0.3.0 <=0.10.3) +807 more potentially affected by CVE-2026-34226 via happy-dom (>=0.0.1 <=20.8.8)

happy-dom NPM version =0.0.1, =0.0.2, =0.3.0, =0.4.0, =0.2.0, =0.4.1, =0.1.0, =0.1.0, =0.6.1, =0.9.1 and more Source cves: CVE-2026-34226 Source advisory: OSV:GHSA-W4GP-FJGQ-3Q4G...

7.5CVSS5.7AI score0.00458EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/03/29 3:23 p.m.5 views

Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies

Summary happy-dom may attach cookies from the current page origin window.location instead of the request target URL when fetch..., credentials: "include" is used. This can leak cookies from origin A to destination B. Details In packages/happy-dom/src/fetch/utilities/FetchRequestHeaderUtility.ts...

7.5CVSS5.8AI score0.00458EPSS
Exploits1References7Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/27 11:32 p.m.7 views

CVE-2026-33943

A flaw was found in Happy DOM, a JavaScript implementation of a web browser. This vulnerability allows a remote attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions. The ECMAScriptModuleCompiler component fails to properly sanitize content within export...

8.8CVSS6.2AI score0.00788EPSS
Exploits1References6
Snyk
Snyk
added 2026/03/27 11:24 p.m.5 views

Insertion of Sensitive Information Into Sent Data

Overview org.webjars.npm:happy-dom is a Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. It includes many web standards from WHATWG DOM and HTML. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data vi...

8.7CVSS5.9AI score0.00458EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/27 11:24 p.m.4 views

Insertion of Sensitive Information Into Sent Data

Overview happy-dom is a Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. It includes many web standards from WHATWG DOM and HTML. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the fetch...

8.7CVSS5.9AI score0.00458EPSS
Exploits1References2
NVD
NVD
added 2026/03/27 10:16 p.m.4 views

CVE-2026-34226

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current page origin window.location instead of the request target URL when fetch..., credentials: "include" is used. This can leak cookies from orig...

7.5CVSS0.00458EPSS
Exploits1References8
NVD
NVD
added 2026/03/27 10:16 p.m.10 views

CVE-2026-33943

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions insi...

9.8CVSS0.00788EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/03/27 9:17 p.m.22 views

CVE-2026-34226 Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current page origin window.location instead of the request target URL when fetch..., credentials: "include" is used. This can leak cookies from orig...

7.5CVSS0.00458EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/27 9:17 p.m.2 views

CVE-2026-34226

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current page origin window.location instead of the request target URL when fetch..., credentials: "include" is used. This can leak cookies from orig...

7.5CVSS5.8AI score0.00458EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 9:17 p.m.4 views

CVE-2026-34226 Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current page origin window.location instead of the request target URL when fetch..., credentials: "include" is used. This can leak cookies from orig...

7.5CVSS5.8AI score0.00458EPSS
Exploits1References5
OSV
OSV
added 2026/03/27 9:17 p.m.6 views

CVE-2026-34226 Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current page origin window.location instead of the request target URL when fetch..., credentials: "include" is used. This can leak cookies from orig...

7.5CVSS5.8AI score0.00458EPSS
Exploits1References10
CVE
CVE
added 2026/03/27 9:17 p.m.44 views

CVE-2026-34226

Technical details about CVE-2026-34226 are not publicly provided in the supplied documents. Monitor for updates on affected versions, root cause, and remediation.

7.5CVSS5.8AI score0.00458EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2026/03/27 9:15 p.m.5 views

CVE-2026-33943 Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions insi...

8.8CVSS6.1AI score0.00788EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/03/27 9:15 p.m.33 views

CVE-2026-33943 Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions insi...

8.8CVSS0.00788EPSS
Exploits1References3
CVE
CVE
added 2026/03/27 9:15 p.m.35 views

CVE-2026-33943

Happy DOM CVE-2026-33943 involves a code-injection vulnerability in the ECMAScriptModuleCompiler: in versions 15.10.0 through 20.8.7, unsanitized content within export { ... } in ES modules is interpolated into generated code as an executable expression, with backticks not removed, enabling templ...

9.8CVSS6.1AI score0.00788EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder