Lucene search
K

28 matches found

Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.13 views

PT-2026-39675

Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the actual registrable domain eTLD+1. As a result, an attacker can craft extremely long malicious...

4.7CVSS5.8AI score0.00164EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/09 3:30 p.m.7 views

EUVD-2026-10338

Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction. This vulnerability affects Focus for iOS...

4.3CVSS5.8AI score0.00184EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/09 3:30 p.m.5 views

EUVD-2026-10339

Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction. This vulnerability affects Focus for iOS...

4.3CVSS5.8AI score0.00184EPSS
Exploits0References3
NVD
NVD
added 2026/03/09 2:16 p.m.5 views

CVE-2026-2919

Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction. This vulnerability was fixed in Focus for...

4.3CVSS0.00184EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/09 1:27 p.m.4 views

CVE-2026-2919 Attacker-controlled content shown under spoofed domains in Focus for iOS via stalled navigation and iframe redirect

Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction. This vulnerability was fixed in Focus for...

5.8AI score0.00184EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/09 1:27 p.m.29 views

CVE-2026-2919 Attacker-controlled content shown under spoofed domains in Focus for iOS via stalled navigation and iframe redirect

Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction. This vulnerability was fixed in Focus for...

0.00184EPSS
Exploits0References2
CVE
CVE
added 2026/03/09 1:27 p.m.21 views

CVE-2026-2919

CVE-2026-2919 affects Focus for iOS. The issue arises from malicious scripts manipulating navigation and iframe behavior to display attacker-controlled or spoofed content under a trusted domain without user interaction. Impact stated as UI could present a spoofed domain; vulnerability fixed in Fo...

4.3CVSS5.8AI score0.00184EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/02/24 2:16 p.m.6 views

CVE-2026-2634

Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability was fixed in Firefox for iOS 147.4...

9.8CVSS0.00308EPSS
Exploits0References2
OSV
OSV
added 2026/02/24 2:16 p.m.8 views

CVE-2026-2634

Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability affects Firefox for iOS 147.4...

9.8CVSS5.7AI score0.00308EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/24 2:16 p.m.7 views

CVE-2026-2634

Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability was fixed in Firefox for iOS 147.4...

9.8CVSS5.8AI score0.00308EPSS
Exploits0References3
OSV
OSV
added 2026/02/24 2:16 p.m.4 views

UBUNTU-CVE-2026-2634

Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability was fixed in Firefox for iOS 147.4...

9.8CVSS5.8AI score0.00308EPSS
Exploits0References4
CVE
CVE
added 2026/02/24 1:33 p.m.37 views

CVE-2026-2634

The vulnerability CVE-2026-2634 affects Firefox for iOS . Malicious scripts could cause desynchronization between the address bar and web content before a response is received, allowing attacker‑controlled pages to be displayed under spoofed domains. The vulnerability is stated to be fixed in Fir...

9.8CVSS5.7AI score0.00308EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/02/24 1:33 p.m.2 views

CVE-2026-2634

Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability was fixed in Firefox for iOS 147.4...

9.8CVSS5.7AI score0.00308EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/24 1:33 p.m.4 views

EUVD-2026-8446

Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability affects Firefox for iOS 147.4...

5.3AI score0.00308EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/24 1:33 p.m.23 views

CVE-2026-2634 Spoofed web content presented under trusted domains using scripted navigation on Firefox iOS

Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability was fixed in Firefox for iOS 147.4...

0.00308EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.9 views

PT-2026-21689

Name of the Vulnerable Software and Affected Versions Firefox for iOS versions prior to 147.4 Description A flaw exists in Firefox for iOS that could allow malicious scripts to cause a mismatch between the address bar display and the actual web content. This could lead to a user being presented...

9.8CVSS5.3AI score0.00308EPSS
Exploits0References7
Mozilla
Mozilla
added 2026/02/20 12:0 a.m.9 views

Security Vulnerabilities fixed in Firefox for iOS 147.4 — Mozilla

Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains...

9.8CVSS5.3AI score0.00308EPSS
Exploits0References1Affected Software1
Microsoft Secure
Microsoft Secure
added 2026/01/06 6:0 p.m.8 views

Phishing actors exploit complex routing and misconfigurations to spoof domains

Phishing actors are exploiting complex routing scenarios and misconfigured spoof protections to effectively spoof organizations’ domains and deliver phishing emails that appear, superficially, to have been sent internally. Threat actors have leveraged this vector to deliver a wide variety of...

6.4AI score
Exploits0
Talos Blog
Talos Blog
added 2025/04/10 2:30 p.m.6 views

Unraveling the U.S. toll road smishing scams

Cisco Talos has observed a widespread and ongoing financial theft SMS phishing smishing campaign since October 2024 that targets toll road users in the United States of America. We observed that the campaign targets people across several states in the U.S. according to the domain names used in th...

7.5AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.2 views

SUSE CVE-2009-4010

Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows remote attackers to spoof DNS data via crafted zones...

7.5CVSS7AI score0.10263EPSS
Exploits0References4
Rows per page
Query Builder