5125 matches found

Vulnrichment
added 2025/07/11 12:00 a.m., 2 views

CVE-2025-51591

A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilitie...

6.6 AI score, 0.00632 EPSS
Exploits: 1, References: 9
Positive Technologies
added 2025/07/11 12:00 a.m., 3 views

PT-2025-29230

Name of the Vulnerable Software and Affected Versions: JGM Pandoc version 3.6.4. Description: A Server-Side Request Forgery (SSRF) issue exists in JGM Pandoc version 3.6.4. This flaw allows attackers to potentially compromise the entire infrastructure by injecting a crafted iframe. Reports indicate...

6.1 CVSS, 5.7 AI score, 0.00632 EPSS
Exploits: 1, References: 75
Cvelist
added 2025/07/11 12:00 a.m., 9 views

CVE-2025-51591

A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilitie...

0.00632 EPSS
Exploits: 1, References: 9
Debian CVE
added 2025/07/11 12:00 a.m., 5 views

CVE-2025-51591

A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilitie...

3.7 CVSS, 5.8 AI score, 0.00632 EPSS
Exploits: 1
OSV
added 2025/07/09 4:37 p.m., 6 views

DRUPAL-CONTRIB-2025-087

This module provides a format filter, which allows you to "disable" iframes e.g. remove their src attribute specified by the user. These elements will be enabled again, once the Cookies banner is accepted. The module doesn't sufficiently filter user-supplied content when their value might contain...

6.1 CVSS, 6.2 AI score, 0.00227 EPSS
Exploits: 0, References: 1
Drupal
added 2025/07/09 12:00 a.m., 22 views

Cookies Addons - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-087

This module provides a format filter, which allows you to "disable" iframes e.g. remove their src attribute specified by the user. These elements will be enabled again, once the Cookies banner is accepted. The module doesn't sufficiently filter user-supplied content when their value might contain...

6.1 CVSS, 5.8 AI score, 0.00227 EPSS
Exploits: 0, References: 1
RedHat Linux
added 2025/07/07 2:28 a.m., 3 views

webkitgtk: IFrame sandboxing policy violation

A flaw was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. Maliciously crafted web content may violate the iframe sandboxing policy. The highest threat from this vulnerability is to data integrity...

6.5 CVSS, 6.7 AI score, 0.01408 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2025/07/07 2:28 a.m., 4 views

webkitgtk: Loading a malicious iframe may lead to a cross-site scripting attack

A flaw was found in WebKitGTK. Loading a malicious iframe can cause a cross-site scripting attack due to permissions issues...

6.1 CVSS, 5.5 AI score, 0.00534 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2025/07/07 2:28 a.m., 2 views

webkitgtk: IFrame sandboxing policy violation

A flaw was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. Maliciously crafted web content may violate the iframe sandboxing policy. The highest threat from this vulnerability is to data integrity...

6.5 CVSS, 7.3 AI score, 0.01515 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2025/07/07 2:28 a.m., 2 views

webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack

Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site...

6.1 CVSS, 6.2 AI score, 0.01068 EPSS
Exploits: 0, References: 5
RedhatCVE
added 2025/07/06 9:07 a.m., 7 views

CVE-2025-30969

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus iFrame Images Gallery wp-iframe-images-gallery allows SQL Injection. This issue affects iFrame Images Gallery: from n/a through <= 9.0...

8.5 CVSS, 5.9 AI score, 0.00246 EPSS
Exploits: 0, References: 1
Gitee
added 2025/07/06 2:40 a.m., 92 views

Exploit for Use After Free in Google Chrome

CVE-2019-5786 Chrome 72.0.3626.119 stable FileReader UaF exploit for Windows 7 x86. This exploit uses site-isolation to brute-force the vulnerability. iframe.html is the wrapper script that loads the exploit, contained in the other files, repeatedly into an iframe. host iframe.html on one site an...

6.5 CVSS, 6.8 AI score, 0.61537 EPSS
Exploits: 10
NVD
added 2025/07/04 9:15 a.m., 3 views

CVE-2025-30969

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus iFrame Images Gallery wp-iframe-images-gallery allows SQL Injection. This issue affects iFrame Images Gallery: from n/a through <= 9.0...

8.5 CVSS, 0.00246 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2025/07/04 9:15 a.m., 3 views

CVE-2025-30969

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus iFrame Images Gallery wp-iframe-images-gallery allows SQL Injection. This issue affects iFrame Images Gallery: from n/a through <= 9.0...

8.5 CVSS, 5.9 AI score, 0.00246 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2025/07/04 8:42 a.m., 2 views

CVE-2025-30969 WordPress iFrame Images Gallery plugin <= 9.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus iFrame Images Gallery wp-iframe-images-gallery allows SQL Injection. This issue affects iFrame Images Gallery: from n/a through <= 9.0...

8.5 CVSS, 5.8 AI score, 0.00246 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/07/04 8:42 a.m., 9 views

CVE-2025-30969 WordPress iFrame Images Gallery plugin <= 9.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus iFrame Images Gallery wp-iframe-images-gallery allows SQL Injection. This issue affects iFrame Images Gallery: from n/a through <= 9.0...

8.5 CVSS, 0.00246 EPSS
Exploits: 0, References: 1
CVE
added 2025/07/04 8:42 a.m., 22 views

CVE-2025-30969

CVE-2025-30969 affects the WordPress plugin iFrame Images Gallery (versions

8.5 CVSS, 5.9 AI score, 0.00246 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/07/04 12:00 a.m., 4 views

WordPress plugin iFrame Images Gallery SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...

8.5 CVSS, 7.6 AI score, 0.00246 EPSS
Exploits: 0, References: 1
Drupal
added 2025/06/25 12:00 a.m., 8 views

CKEditor5 Youtube - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-081

The CKEditor5 Youtube module enhances content creation in Drupal by seamlessly integrating YouTube video embedding into the CKEditor 5 text editor. The module doesn't sufficiently validate iframe sources under the scenario where a user embeds a video using the CKEditor YouTube integration leading...

6.1 CVSS, 5.6 AI score, 0.00186 EPSS
Exploits: 0, References: 1
Veracode
added 2025/06/19 10:45 a.m., 4 views

Directory Traversal

openc3-cosmos-tool-iframe is vulnerable to Directory Traversal. The vulnerability is due to improper input validation and insufficient sanitization of path parameters in the /script-api/scripts/ endpoint, allowing attackers to access unauthorized directories...

9.1 CVSS, 6.9 AI score, 0.00856 EPSS
Exploits: 1, References: 8, Affected Software: 1