12 matches found
CVE-2026-3327
Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...
CVE-2026-3327
Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...
CVE-2026-3327
Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...
CVE-2026-3327 Authenticated DatoCMS Web Previews Plugin Iframe Injection
Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...
CVE-2026-3327
Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...
CVE-2026-3327 Authenticated DatoCMS Web Previews Plugin Iframe Injection
Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...
CVE-2026-3327
This CVE concerns the DatoCMS Web Previews plugin, where an authenticated user can perform an iframe injection by bypassing the frontend URL restriction. The root cause is an insecure handling of embedded resources in the Web Previews feature, affecting versions earlier than 1.0.31. Impact is the...
PT-2026-22341
Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...
Linux Distros Unpatched Vulnerability : CVE-2022-31052
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the...
Linux Distros Unpatched Vulnerability : CVE-2023-25731
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in...
CVE-2023-25731
Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox 110...
PYSEC-2022-224
Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the reques...