Lucene search
K

87 matches found

Patchstack
Patchstack
added 2025/09/22 7:12 p.m.4 views

WordPress Subresource Integrity (SRI) Manager Plugin <= 0.4.0 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Nabil Irawan in WordPress Plugin Subresource Integrity SRI Manager versions = 0.4.0...

4.3CVSS6.7AI score0.00259EPSS
Exploits0Affected Software1
CVE
CVE
added 2025/09/22 6:25 p.m.11 views

CVE-2025-57936

CVE-2025-57936 — Affected: Subresource Integrity (SRI) Manager. The connected documents indicate a Missing Authorization vulnerability impacting SRI Manager versions from n/a up to and including 0.4.0. CVSS v3.1 base score 4.3 (Medium) with network attack vector, low privileges required, no user ...

4.3CVSS5.9AI score0.00259EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/22 6:25 p.m.1 views

CVE-2025-57936 WordPress Subresource Integrity (SRI) Manager Plugin <= 0.4.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Meitar Subresource Integrity SRI Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Subresource Integrity SRI Manager: from n/a through 0.4.0...

4.3CVSS6.6AI score0.00259EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/22 6:25 p.m.11 views

CVE-2025-57936 WordPress Subresource Integrity (SRI) Manager Plugin <= 0.4.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Meitar Subresource Integrity SRI Manager wp-sri allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subresource Integrity SRI Manager: from n/a through = 0.4.0...

4.3CVSS0.00259EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.5 views

WordPress plugin Subresource Integrity (SRI) Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL-based servers....

4.3CVSS6.4AI score0.00259EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.5 views

PT-2025-38786

Name of the Vulnerable Software and Affected Versions Meitar Subresource Integrity SRI Manager versions through 0.4.0 Description An authorization issue exists in Meitar Subresource Integrity SRI Manager, allowing exploitation due to incorrectly configured access control security levels...

4.3CVSS6.7AI score0.00259EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 9:53 p.m.7 views

CVE-2022-36315

When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox 103...

4.3CVSS6.3AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:22 p.m.5 views

CVE-2020-15262

In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-lev...

5CVSS6.7AI score0.00517EPSS
Exploits0
OSV
OSV
added 2025/03/14 3:43 p.m.8 views

OESA-2025-1268 firefox security update

Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of...

9.8CVSS9.8AI score0.72648EPSS
Exploits40References188
RedhatCVE
RedhatCVE
added 2025/02/05 9:31 a.m.8 views

CVE-2024-30250

Astro-Shield is an integration to enhance website security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. Versions from 1.2.0 to 1.3.1 of Astro-Shield allow bypass to the allow-lists for cross-origin resources by introducing valid integrity attributes to...

7.5CVSS6.9AI score0.0031EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:59 a.m.5 views

CVE-2024-29896

Astro-Shield is a library to compute the subresource integrity hashes for your JS scripts and CSS stylesheets. When automated CSP headers generation for SSR content is enabled and the web application serves content that can be partially controlled by external users, then it is possible that the C...

7.5CVSS6.8AI score0.00591EPSS
Exploits0References1
NVD
NVD
added 2024/04/04 3:15 p.m.11 views

CVE-2024-30250

Astro-Shield is an integration to enhance website security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. Versions from 1.2.0 to 1.3.1 of Astro-Shield allow bypass to the allow-lists for cross-origin resources by introducing valid integrity attributes to...

7.5CVSS7.7AI score0.0031EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/04/04 2:57 p.m.12 views

CVE-2024-30250 In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists

Astro-Shield is an integration to enhance website security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. Versions from 1.2.0 to 1.3.1 of Astro-Shield allow bypass to the allow-lists for cross-origin resources by introducing valid integrity attributes to...

7.5CVSS7.7AI score0.0031EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/04/01 12:0 a.m.7 views

PT-2024-23298 · Unknown · Astro-Shield

Name of the Vulnerable Software and Affected Versions: Astro-Shield versions 1.2.0 through 1.3.1 Description: Astro-Shield is an integration to enhance website security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. The issue allows bypass to the...

8.7CVSS7.6AI score0.0031EPSS
Exploits0References10
CVE
CVE
added 2024/03/28 12:48 p.m.71 views

CVE-2024-29896

CVE-2024-29896 affects the Astro-Shield library. The vulnerability stems from automated CSP header generation for SSR content, where the CSP header may inadvertently allowlisting malicious injected resources (e.g., inlined or external scripts) when content can be partially controlled by external ...

7.5CVSS7.4AI score0.00591EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:7 a.m.3 views

SUSE CVE-2016-1636

The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity...

9.8CVSS9.1AI score0.01836EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.6 views

SUSE CVE-2022-36315

When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox 103...

4.3CVSS8.4AI score0.00196EPSS
Exploits0References4
NVD
NVD
added 2022/12/22 8:15 p.m.20 views

CVE-2022-36315

When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox 103...

4.3CVSS0.00196EPSS
Exploits0References2
OSV
OSV
added 2022/12/22 8:15 p.m.3 views

CVE-2022-36315

When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox 103...

4.3CVSS6.8AI score0.00196EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/12/22 12:0 a.m.35 views

CVE-2022-36315

When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox 103...

6.3AI score0.00196EPSS
Exploits0References2
Rows per page
Query Builder