15 matches found
CVE-2026-28376
The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the verifyBlob in the Model Pull API that improperly verifies manifest containing both config and layer digests. An attacker can access internal resources or services by sending crafted requests...
EUVD-2018-16927
Malware in sbrugna...
CVE-2025-54864
CVE-2025-54864 affects Hydra (Nix-based CI) where the endpoints /api/push-github and /api/push-gitea were called without HTTP Basic authentication, despite the forges implementing HMAC with a secret key. The root cause is missing authentication on those calls, enabling heavy evaluations that can ...
The vulnerability of the Push API interface on Mozilla Firefox’s browser allows a perpetrator to gain unauthorized access to protected information or cause a service failure.
The vulnerability of the Push API interface of Mozilla Firefox’s browser is related to a lack of mechanisms for verifying input data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information or cause service failures...
CVE-2020-29005
The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure...
Mozilla Firefox < 59 Multiple Vulnerabilities
Binary data 700328.prm...
CVE-2018-5141
A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service DOS attack or to display unwanted content from arbitrary URLs to users. This vulnerabili...
Design/Logic Flaw
A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service DOS attack or to display unwanted content from arbitrary URLs to users. This vulnerabili...
CVE-2018-5141
CVE-2018-5141 is a vulnerability in the Firefox Push API where notifications can be triggered by web content via service workers without direct user interaction, potentially allowing opening new tabs or displaying content from arbitrary URLs. The connected documents confirm this affects Firefox v...
CVE-2018-5141
A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service DOS attack or to display unwanted content from arbitrary URLs to users. This vulnerabili...
CVE-2018-5141
A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service DOS attack or to display unwanted content from arbitrary URLs to users. This vulnerabili...
UBUNTU-CVE-2018-5141
A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service DOS attack or to display unwanted content from arbitrary URLs to users. This vulnerabili...
CVE-2018-5141
A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service DOS attack or to display unwanted content from arbitrary URLs to users. This vulnerabili...
Security vulnerabilities fixed in Firefox 59 — Mozilla
A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially...