Lucene search
+L

44 matches found

Patchstack
Patchstack
added 2024/07/03 6:23 a.m.3 views

WordPress Integration for Luminate and Gravity Forms plugin <= 1.3.3 - Malicious Polyfill.io Embed vulnerability

Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin Integration for Luminate and Gravity Forms versions = 1.3.3...

7AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/07/03 6:23 a.m.1 views

WordPress WS Theme Addons plugin <= 2.0.0 - Malicious Polyfill.io Embed vulnerability

Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin WS Theme Addons versions = 2.0.0...

7AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/07/03 6:23 a.m.5 views

WordPress weForms plugin <= 1.6.23 - Malicious Polyfill.io Embed vulnerability

Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin weForms versions = 1.6.23...

7AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/07/03 6:23 a.m.5 views

WordPress Simply Show Hooks plugin <= 1.2.1 - Malicious Polyfill.io Embed vulnerability

Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin Simply Show Hooks versions = 1.2.1...

7AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/07/03 6:23 a.m.5 views

WordPress Product Customer List for WooCommerce plugin <= 3.1.6 - Malicious Polyfill.io Embed vulnerability

Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin Product Customer List for WooCommerce versions = 3.1.6...

7AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/07/03 6:23 a.m.4 views

WordPress Social Warfare plugin <= 4.4.7.1 - Malicious Polyfill.io Embed vulnerability

Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin Social Warfare versions = 4.4.7.1...

7AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/07/03 6:23 a.m.4 views

WordPress Jobs.af plugin <= 1.0.1 - Malicious Polyfill.io Embed vulnerability

Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin Jobs.af versions = 1.0.1...

7AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/07/03 6:23 a.m.6 views

WordPress FireBox plugin <= 2.1.15 - Malicious Polyfill.io Embed vulnerability

Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin FireBox versions = 2.1.15...

7AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/07/03 6:23 a.m.7 views

WordPress Qualified Electronic Signatures by eID Easy plugin <= 3.3.0 - Malicious Polyfill.io Embed vulnerability

Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin Qualified Electronic Signatures by eID Easy versions = 3.3.0...

7AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/07/03 6:23 a.m.7 views

WordPress TotalRating Pro plugin <= 1.8.4 - Malicious Polyfill.io Embed vulnerability

Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin TotalRating Pro versions = 1.8.4...

7AI score
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/02 9:20 p.m.35 views

Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js

Note On Thursday, June 27, 2024, Cloudflare and Namecheap intervened at a domain level to ensure polyfill.io and its subdomains could not resolve to the compromised service, rendering this vulnerability unexploitable. The following sections describe this vulnerability prior to the domain level...

9.8CVSS6.8AI score0.01427EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2024/07/02 9:20 p.m.33 views

GHSA-CVW4-C69G-7V7M Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js

Note On Thursday, June 27, 2024, Cloudflare and Namecheap intervened at a domain level to ensure polyfill.io and its subdomains could not resolve to the compromised service, rendering this vulnerability unexploitable. The following sections describe this vulnerability prior to the domain level...

4.2AI score0.01427EPSS
Exploits0References7
NVD
NVD
added 2024/07/02 8:15 p.m.43 views

CVE-2024-38537

Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard...

9.8CVSS0.01427EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/07/02 7:50 p.m.47 views

CVE-2024-38537 Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js

Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard...

0.01427EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/07/02 7:50 p.m.28 views

CVE-2024-38537 Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js

Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard...

7.2AI score0.01427EPSS
Exploits0References5
CVE
CVE
added 2024/07/02 7:50 p.m.108 views

CVE-2024-38537

Fides (Ethical) vulnerability CVE-2024-38537 affects the client-side script fides.js, which in a limited edge case used the polyfill.io domain to support legacy browsers (IE11) lacking fetch. If the polyfill.io domain was compromised, legacy-browser users could download and execute malicious scri...

9.8CVSS3.7AI score0.01427EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/07/02 7:50 p.m.28 views

CVE-2024-38537 Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js

Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard...

6.7AI score0.01427EPSS
Exploits0References7
Veracode
Veracode
added 2024/06/26 6:13 a.m.20 views

Malicious CDN Embedding

pdoc is vulnerable to malicious CDN embedding. The vulnerability is caused when documentation is generated with math mode pdoc --math due to the usage of a compromised polyfill.io CDN domain. An attacker could potentially exploit this by injecting malicious code into documentation generated with...

7.2CVSS6.8AI score0.03832EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2024/06/26 12:15 a.m.57 views

CVE-2024-38526

pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1...

7.2CVSS0.03832EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/06/25 11:53 p.m.208 views

CVE-2024-38526 pdoc embeds link to malicious CDN if math mode is enabled

pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1...

7.2CVSS0.03832EPSS
Exploits0References4
Rows per page
Query Builder