Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

836 matches found

UbuntuCve
UbuntuCveadded 2019/11/05 2:15 p.m.24 views

CVE-2019-17221

PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HT...

7.5CVSS7.2AI score0.13599EPSS
Exploits1References2
CVE
CVEadded 2019/11/05 1:10 p.m.88 views

CVE-2019-17221

CVE-2019-17221 affects PhantomJS up to version 2.1.1. The vulnerability is an arbitrary file read in the webpage module’s page.open() function, exploitable via an XMLHttpRequest to a file:// URI. An attacker can provide a crafted HTML file as input, causing PhantomJS to read arbitrary files on th...

7.5CVSS7.2AI score0.13599EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVEadded 2019/11/05 1:10 p.m.25 views

CVE-2019-17221

Removed by vendor...

7.5CVSS7.5AI score0.13599EPSS
Exploits1
Cvelist
Cvelistadded 2019/11/05 1:10 p.m.17 views

CVE-2019-17221

PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HT...

7.3AI score0.13599EPSS
Exploits1References1
wpexploit
wpexploitadded 2019/11/05 12:0 a.m.28 views

Tidio Live Chat <= 4.1.0 - CSRF to Stored XSS

A CSRF vulnerability in the Tidio Live Chat WordPress Plugin var xhr = new XMLHttpRequest; xhr.open"POST", "https://wordpress.local/wp-admin/admin-ajax.php?action=tidiochatsavekeys", true; xhr.setRequestHeader"Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8";...

1.5AI score
Exploits0References2
OSV
OSVadded 2019/09/20 8:15 p.m.1 views

CVE-2019-15138

The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL...

7.5CVSS7.2AI score
Exploits0References2
NVD
NVDadded 2019/09/20 8:15 p.m.11 views

CVE-2019-15138

The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL...

7.5CVSS7.5AI score0.00316EPSS
Exploits1References2
Prion
Prionadded 2019/09/20 8:15 p.m.14 views

Design/Logic Flaw

The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL...

5CVSS7.4AI score0.00316EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2019/09/20 7:13 p.m.16 views

CVE-2019-15138

The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL...

7.5AI score0.00316EPSS
Exploits1References2
0day.today
0day.todayadded 2019/08/30 12:0 a.m.48 views

Sentrifugo 3.2 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Sentrifugo 3.2 - Persistent Cross-Site Scripting Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15814 Multiple Stored XSS vulnerabilities were found in...

3.5CVSS5.6AI score0.00188EPSS
Exploits5
Packet Storm
Packet Stormadded 2019/08/30 12:0 a.m.315 views

Sentrifugo 3.2 Cross Site Scripting

Exploit Title: Sentrifugo 3.2 - Persistent Cross-Site Scripting Google Dork: N/A Date: 8/29/2019 Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15814 Multiple Stored XSS vulnerabilities were found in Sentrifugo 3.2. In most...

5.6AI score0.00188EPSS
Exploits5
OSV
OSVadded 2019/07/23 2:15 p.m.1 views

DEBIAN-CVE-2019-11691

A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

9.8CVSS9.4AI score0.00732EPSS
Exploits0References1
OSV
OSVadded 2019/07/23 2:15 p.m.5 views

CVE-2019-11691

A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

9.8CVSS9.2AI score
Exploits0References4
Prion
Prionadded 2019/07/23 2:15 p.m.13 views

Design/Logic Flaw

A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

7.5CVSS9.1AI score0.00732EPSS
Exploits0References4Affected Software3
CVE
CVEadded 2019/07/23 1:23 p.m.305 views

CVE-2019-11691

CVE-2019-11691 is a use-after-free vulnerability in XMLHttpRequest (XHR) triggered by an event loop, causing the XHR main thread to be invoked after the object is freed. Affects Thunderbird versions &lt; 60.7 and Firefox/Firefox ESR versions

9.8CVSS6.3AI score0.00732EPSS
Exploits0References4Affected Software3
Cvelist
Cvelistadded 2019/07/23 1:23 p.m.17 views

CVE-2019-11691

A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

6.2AI score0.00732EPSS
Exploits0References4
Debian CVE
Debian CVEadded 2019/07/23 1:23 p.m.25 views

CVE-2019-11691

A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

9.8CVSS10AI score0.00732EPSS
Exploits0
Hacker One
Hacker Oneadded 2019/07/17 9:26 p.m.12 views

U.S. Dept Of Defense: [█████] Reflected GET XSS (/personnel.php?...&rcnum=*) with mouse action

I will combine this vulnerability with this vulnerability described in this report 648222. If you have not read this report, I recommend reading that report first, and then studying this report. I want to note that this report cannot be closed as a duplicate to the above described report. why?...

Exploits0
Hacker One
Hacker Oneadded 2019/07/17 7:6 p.m.13 views

U.S. Dept Of Defense: [██████] Reflected GET XSS (/personnel.php?..&folder=*) with mouse action

I will combine this vulnerability with this vulnerability described in this report 648222. If you have not read this report, I recommend reading that report first, and then studying this report. I want to note that this report cannot be closed as a duplicate to the above described report. why?...

0.1AI score
Exploits0
OSV
OSVadded 2019/06/27 5:15 p.m.1 views

DEBIAN-CVE-2019-5832

Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS8.4AI score0.0107EPSS
Exploits0References1
Rows per page
Query Builder