Lucene search
K

727 matches found

PyPA
PyPA
added 2019/08/02 3:15 p.m.9 views

PYSEC-2019-11

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...

7.5CVSS7AI score0.03502EPSS
Exploits0References11Affected Software1
CNVD
CNVD
added 2019/07/16 12:0 a.m.2 views

Xiaomi Mi6 Browser Authorization Bypass Vulnerability

Xiaomi Mi6 Browser is a web browser from Xiaomi Technology Xiaomi, a Chinese company. An authorization bypass vulnerability exists in Xiaomi Mi6 Browser. An attacker can exploit this vulnerability to bypass authorization with a specially crafted HTML response...

8CVSS6.7AI score0.01248EPSS
Exploits0References1
OSV
OSV
added 2019/06/27 5:15 p.m.4 views

UBUNTU-CVE-2018-6148

Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

6.5CVSS7AI score0.00704EPSS
Exploits0References3
OSV
OSV
added 2019/06/27 5:15 p.m.3 views

UBUNTU-CVE-2019-5810

Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...

6.5CVSS7.3AI score0.01094EPSS
Exploits0References3
CNVD
CNVD
added 2019/05/14 12:0 a.m.4 views

XSS Vulnerability at Private Messages in JEESNS System

JEESNS is an open source social management system developed on the JAVA enterprise level platform. JEESNS system at the private message XSS vulnerability , an attacker can use the vulnerability to inject arbitrary Web script or HTML...

6.4AI score
Exploits0
OSV
OSV
added 2019/05/01 6:29 p.m.5 views

CVE-2019-11641

Anomali Agave formerly Drupot through 1.0.0 fails to avoid fingerprinting by including predictable data and minimal variation in size within HTML templates, giving attackers the ability to detect and avoid this system...

7.5CVSS7.1AI score0.01341EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/04/12 12:0 a.m.6 views

The vulnerability of Google Chrome, related to improper input data validation, allows a hacker to execute arbitrary code.

The vulnerability of Google Chrome is related to an incorrect optimization assumption in the V8 module. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in a isolated software environment, using a specially created HTML page...

8.8CVSS8.5AI score0.12879EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2019/02/19 5:29 p.m.4 views

UBUNTU-CVE-2019-5760

Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.3AI score0.01457EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2019/02/12 2:46 a.m.3 views

chromium-browser: Use after free in Blink

Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.4AI score0.01666EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2019/01/10 12:0 a.m.5 views

The vulnerability of the MediaRecorder component in the Google Chrome web browser, which allows a hacker to trigger a service failure

The vulnerability of the MediaRecorder component in the Google Chrome web browser arises from an operation that goes beyond the buffer limits in memory. Exploiting this vulnerability could allow a malicious actor to cause a service failure through a specially created HTML page...

8.8CVSS7.8AI score0.01386EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2019/01/09 7:29 p.m.3 views

CVE-2016-9651

A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

8.8CVSS7.6AI score0.11182EPSS
Exploits2References6
CNVD
CNVD
added 2019/01/09 12:0 a.m.4 views

Bootstrap Cross-Site Scripting Vulnerability (CNVD-2019-23270)

Bootstrap is an open source web front-end framework developed using HTML, CSS and JavaScript . A cross-site scripting vulnerability exists in affix in Bootstrap versions prior to 3.4.0, which can be exploited by remote attackers to inject arbitrary web script or HTML...

6.1CVSS6.3AI score0.03984EPSS
Exploits1References1
OSV
OSV
added 2018/12/04 5:29 p.m.3 views

CVE-2018-6095

Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page...

6.5CVSS7.4AI score0.01605EPSS
Exploits0References6
OSV
OSV
added 2018/12/04 5:29 p.m.2 views

UBUNTU-CVE-2018-6094

Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.3AI score0.01617EPSS
Exploits0References3
OSV
OSV
added 2018/11/14 3:29 p.m.2 views

UBUNTU-CVE-2018-6076

Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page...

6.1CVSS7.3AI score0.01159EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2018/11/14 1:29 a.m.1 views

CVE-2018-8564

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge...

4.3CVSS5.5AI score0.02721EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2018/11/13 12:0 a.m.7 views

The vulnerability of the Chrome web browser’s angle library, allowing a hacker to execute arbitrary code

The vulnerability of the Chrome web browser’s angle library arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code, cause system failures, or disclose sensitive information through a specially...

10CVSS8AI score0.027EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2018/11/12 5:29 p.m.1 views

DEBIAN-CVE-2018-19206

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment...

6.1CVSS6.1AI score0.60162EPSS
Exploits0References1
CNVD
CNVD
added 2018/10/19 12:0 a.m.6 views

Google Chrome Extensions UI Spoofing Vulnerability

Google Chrome is a web browser developed by Google, Inc.Extensions is one of the browser extensions. A security vulnerability exists in Extensions in Google Chrome versions prior to 70.0.3538.67. The vulnerability can be exploited by remote attackers to spoof the contents of an extension pop-up...

4.3CVSS6AI score0.0119EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2018/09/10 9:31 p.m.2 views

chromium-browser: User confirmation bypass in external protocol handling

The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page...

6.1CVSS7.4AI score0.01084EPSS
Exploits0References5
Rows per page
Query Builder