Lucene search
K

48 matches found

UbuntuCve
UbuntuCve
added 2026/02/24 2:16 p.m.6 views

CVE-2026-2787

Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

9.8CVSS5.8AI score0.00402EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2026/02/24 1:33 p.m.4 views

CVE-2026-2787

Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

9.8CVSS5.2AI score0.00402EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/02/24 1:33 p.m.4 views

CVE-2026-2787

Use-after-free in the DOM: Window and Location component. This vulnerability affects Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

9.8CVSS5.9AI score0.00402EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2026/02/24 1:33 p.m.3 views

CVE-2026-2787

Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

9.8CVSS5.8AI score0.00402EPSS
Exploits0References6
CVE
CVE
added 2026/02/24 1:33 p.m.30 views

CVE-2026-2787

CVE-2026-2787 is a use-after-free in the DOM: Window and Location component, with fixes in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. Connected sources corroborate the issue in Firefox-related components and list the affected products as Firefox/Th...

9.8CVSS5.8AI score0.00402EPSS
Exploits0References6Affected Software2
Vulnrichment
Vulnrichment
added 2026/02/24 1:33 p.m.2 views

CVE-2026-2787 Use-after-free in the DOM: Window and Location component

Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

5.8AI score0.00402EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/02/24 1:33 p.m.22 views

CVE-2026-2787 Use-after-free in the DOM: Window and Location component

Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

0.00402EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.10 views

Mozilla多款产品 资源管理错误漏洞

Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...

9.8CVSS7.3AI score0.00402EPSS
Exploits0References6
Snyk
Snyk
added 2025/12/15 12:30 a.m.1 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via improper handling of window.location inside client-side JavaScript templates. An attacker can redirect users to arbitrary external websites by crafting a malicious link and convincing a user to click it. Remediation...

6.1CVSS6.8AI score0.00401EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2010-0201

Malware in sbrugna...

4.3CVSS9.2AI score0.01566EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-0091

Malware in sbrugna...

6.1CVSS6.1AI score0.01327EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 6:11 a.m.3 views

SUSE CVE-2007-4224

KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property...

4.3CVSS7AI score0.01831EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.4 views

SUSE CVE-2010-0170

Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via vectors that are specific to each affected plugin...

4.3CVSS8AI score0.01566EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:47 a.m.3 views

SUSE CVE-2012-1956

Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object aka window.location, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via vectors involving a...

4.3CVSS8.1AI score0.01888EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:30 a.m.7 views

SUSE CVE-2018-6834

static/js/padutils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href...

6.1CVSS6AI score0.00898EPSS
Exploits0References3
CNVD
CNVD
added 2018/09/04 12:0 a.m.4 views

Mayan EDMS Cross-Site Scripting Vulnerability (CNVD-2019-09817)

Mayan EDMS is a document management system developed by software developer Roberto Rosario. The system supports electronic signatures, version control and optical character recognition. A cross-site scripting vulnerability exists in Mayan EDMS versions prior to 3.0.2. The vulnerability stems from...

6.1CVSS5.9AI score0.01327EPSS
Exploits1References1
PyPA
PyPA
added 2018/09/03 7:29 p.m.8 views

PYSEC-2018-106

An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS...

6.1CVSS7AI score0.01327EPSS
Exploits1References4Affected Software1
PyPA
PyPA
added 2018/09/03 7:29 p.m.6 views

PYSEC-2018-16

An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS...

6.1CVSS7AI score0.01327EPSS
Exploits1References4Affected Software1
CNVD
CNVD
added 2018/02/27 12:0 a.m.4 views

Etherpad Lite Cross-Site Scripting Vulnerability

Etherpad Lite is the Etherpad Foundation's suite of open source rich text online collaboration software. A cross-site scripting vulnerability exists in the static/js/padutils.js file in Etherpad Lite versions prior to 1.6.3. A remote attacker can use window.location.href to inject arbitrary Web...

6.1CVSS6.3AI score0.00898EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.28 views

Google Chrome 8.0.552.237 - .replace DoS

No description provided by source. html head Exploit Title: Google Chrome v8.0.552.237 .replace DOS Date: January 30 2011 Author: Carlos Mario Penagos Hollmann Software Link: http://www.google.com/chrome Version: v8.0.552.237 Tested on: Windows xp sp3 ,windows 7 ,linux running on VMware Fusion 3....

7.1AI score
Exploits0
Rows per page
Query Builder