Lucene search
K

31 matches found

Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.11 views

PT-2026-51104

Name of the Vulnerable Software and Affected Versions @tinacms/app versions prior to 2.5.6 tinacms versions prior to 3.9.3 Description Cross-origin postMessage handlers allow for stored XSS and session takeover. The software registers window message listeners—specifically the useTina overlay...

8.5CVSS5.8AI score0.00196EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/27 2:12 a.m.13 views

CVE-2026-9078

Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...

5.4CVSS5.8AI score0.00199EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:5 p.m.9 views

CVE-2026-9078

Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...

5.8AI score0.00199EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/25 2:5 p.m.10 views

EUVD-2026-31693

Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...

5.8AI score0.00199EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.20 views

PT-2026-43074

Name of the Vulnerable Software and Affected Versions Firefox for iOS versions prior to 151.1 Description Firefox for iOS incorrectly displayed specially crafted right-to-left RTL and internationalized domain names IDNs within link preview UI surfaces. A crafted RTL hostname could visually reorde...

5.4CVSS5.8AI score0.00199EPSS
Exploits0References5
Mozilla
Mozilla
added 2026/05/25 12:0 a.m.22 views

Security Vulnerabilities fixed in Firefox for iOS 151.1 — Mozilla

Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins...

5.4CVSS5.8AI score0.00199EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/18 1:31 p.m.29 views

EUVD-2026-29404

webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins...

6.5CVSS5.8AI score0.00216EPSS
Exploits0References5
NVD
NVD
added 2026/04/28 7:37 p.m.10 views

CVE-2026-41398

OpenClaw before 2026.4.2 contains an improper access control vulnerability in the iOS A2UI bridge that treats generic local-network pages as trusted origins. Attackers can inject unauthorized agent.request runs by loading attacker-controlled pages from local-network or tailnet hosts, polluting...

4.6CVSS0.00112EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/22 10:4 a.m.8 views

CVE-2026-41245

A flaw was found in Junrar, an open-source Java RAR archive library. A path traversal vulnerability in the LocalFolderExtractor allows a remote attacker to write arbitrary files with attacker-controlled content into sibling directories. This occurs when a specially crafted RAR archive is extracte...

9.3CVSS5.9AI score0.00336EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/17 10:12 p.m.12 views

OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins

Summary Workspace provider auth choices could auto-enable untrusted provider plugins. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.9 Impact Non-interactive onboarding could select a provider auth choice shadowed by an untrusted workspace plugin,...

8.8CVSS5.7AI score0.00381EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/03/19 4:28 p.m.9 views

EUVD-2026-13202

qui CORS Misconfiguration: Arbitrary Origins Trusted...

9CVSS5.8AI score0.00257EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/07 8:36 p.m.9 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CSRF Attack (CVE-2025-47909)

Summary gorilla/csrf is used by Scheduling Service. A vulnerability in gorilla/csrf is addressed. Vulnerability Details CVEID:CVE-2025-47909 DESCRIPTION: Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks...

7.3CVSS6.5AI score0.00159EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2025-4280

Malicious code in bioql PyPI...

6.6AI score
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-26212

Malicious code in bioql PyPI...

7.3CVSS6.3AI score0.00159EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/08/31 4:27 p.m.4 views

CVE-2025-47909

Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...

7.3CVSS6.9AI score0.00345EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/08/30 11:21 p.m.4 views

SUSE CVE-2025-47909

Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...

7.3CVSS6.9AI score0.00159EPSS
Exploits0References3
OSV
OSV
added 2025/08/29 8:23 p.m.3 views

GHSA-82FF-HG59-8X73 github.com/gorilla/csrf improperly validates TrustedOrigins allowing CSRF attacks

Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...

6.9CVSS6.9AI score0.00159EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/08/29 8:23 p.m.8 views

github.com/gorilla/csrf improperly validates TrustedOrigins allowing CSRF attacks

Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...

7.3CVSS4.3AI score0.00159EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2025/08/29 4:43 p.m.2 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to improper validation of the TrustedOrigins header which was introduced by the fix for CVE-2025-24358. An attacker can perform unauthorized actions on behalf of authenticated users by submitting...

8.8CVSS6.7AI score0.00345EPSS
Exploits0References3
NVD
NVD
added 2025/08/29 4:15 p.m.3 views

CVE-2025-47909

Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...

7.3CVSS0.00159EPSS
Exploits0References2
Rows per page
Query Builder