Lucene search
K

563 matches found

nvd
nvd
added 2026/01/16 7:16 p.m.14 views

CVE-2025-15032

Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could allow an attacker to spoof a trusted domain in the window title and mislead users about the current site...

7.4CVSS0.00237EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/01/16 6:11 p.m.4 views

CVE-2025-15032 CVE-2025-15032: Increased Spoofing risk; custom new window missing about:blank

Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could allow an attacker to spoof a trusted domain in the window title and mislead users about the current site...

7.4CVSS6.3AI score0.00237EPSS
Exploits0References1
cve
cve
added 2026/01/16 6:11 p.m.16 views

CVE-2025-15032

Dia for macOS before 1.9.0 is vulnerable to spoofing of the window title due to a missing about:blank indicator in custom-sized new windows. The root cause is the absence of a visual cue (about:blank indicator) that can mislead users about the current site. Affected product: Dia (macOS). Impact: ...

7.4CVSS6.3AI score0.00237EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/01/16 6:11 p.m.2 views

CVE-2025-15032

Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could allow an attacker to spoof a trusted domain in the window title and mislead users about the current site...

7.4CVSS5.4AI score0.00237EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/01/16 12:0 a.m.6 views

Dia security vulnerabilities

Dia is an AI-driven smart browser developed by Dia Company. Versions of Dia prior to 1.9.0 contained a security vulnerability. This vulnerability stemmed from the absence of the about:blank indicator in new windows with custom sizes, which could allow attackers to deceive trusted domains and...

7.4CVSS5.8AI score0.00237EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/01/16 12:0 a.m.10 views

PT-2026-3271

Name of the Vulnerable Software and Affected Versions Dia versions prior to 1.9.0 Description A flaw exists in Dia that, on macOS, could allow an attacker to spoof a trusted domain in the window title of custom-sized new windows. This could mislead users about the current site due to a missing...

7.4CVSS6.2AI score0.00237EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/01/09 9:32 a.m.6 views

CVE-2024-39923

An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting XSS due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in...

6.1CVSS6.3AI score0.00229EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 9:32 a.m.13 views

CVE-2023-25474

Cross-Site Request Forgery CSRF vulnerability in Csaba Kissi About Me 3000 widget plugin = 2.2.6 versions...

8.8CVSS7AI score0.00256EPSS
Exploits0References1
ossf
ossf
added 2026/01/06 2:33 a.m.13 views

Malicious code in oj-sp-about-page (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88af67380622acfe95b416c0349a87adf700798459b1b7794578e38d057a2bf6 The package oj-sp-about-page was found to contain malicious code. Source: ghsa-malware 4bece5a0063e69e6b490afd2ca5d92fce9ce26e5c729f5f550f9acca50eb10...

6.9AI score
Exploits0References1
snyk
snyk
added 2026/01/06 2:33 a.m.3 views

Malicious Package

Overview oj-sp-about-page is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
euvd
euvd
added 2026/01/06 2:33 a.m.6 views

EUVD-2026-1137

Malicious code in oj-sp-about-page npm...

6.6AI score
Exploits0References1
osv
osv
added 2026/01/06 2:33 a.m.4 views

MAL-2026-60 Malicious code in oj-sp-about-page (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88af67380622acfe95b416c0349a87adf700798459b1b7794578e38d057a2bf6 The package oj-sp-about-page was found to contain malicious code. Source: ghsa-malware 4bece5a0063e69e6b490afd2ca5d92fce9ce26e5c729f5f550f9acca50eb10...

6.8AI score
Exploits0References1
redhatcve
redhatcve
added 2025/12/10 9:16 p.m.4 views

CVE-2023-53772

MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers can exploit the about page by supplying file paths to disclose arbitrary file contents on the affected device...

8.7CVSS6.6AI score0.0084EPSS
Exploits1References1
euvd
euvd
added 2025/12/09 9:31 p.m.11 views

EUVD-2023-60180

MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers can exploit the about page by supplying file paths to disclose arbitrary file contents on the affected device...

8.7CVSS6.1AI score0.0084EPSS
Exploits1References5
osv
osv
added 2025/12/09 9:15 p.m.5 views

CVE-2023-53772

MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers can exploit the about page by supplying file paths to disclose arbitrary file contents on the affected device...

7.5CVSS5.9AI score0.0084EPSS
Exploits1References4
nvd
nvd
added 2025/12/09 9:15 p.m.4 views

CVE-2023-53772

MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers can exploit the about page by supplying file paths to disclose arbitrary file contents on the affected device...

8.7CVSS0.0084EPSS
Exploits1References4
cve
cve
added 2025/12/09 8:55 p.m.16 views

CVE-2023-53772

CVE-2023-53772 concerns MiniDVBLinux 5.4 with an arbitrary file disclosure via the about page. The vulnerability arises from improper handling of the GET parameter file used to disclose arbitrary file contents, enabling path traversal to read system files. Public descriptions from multiple source...

8.7CVSS6.2AI score0.0084EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2025/12/09 8:55 p.m.20 views

CVE-2023-53772 MiniDVBLinux 5.4 Arbitrary File Read Vulnerability via About Page

MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers can exploit the about page by supplying file paths to disclose arbitrary file contents on the affected device...

8.7CVSS0.0084EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2025/12/09 8:55 p.m.2 views

CVE-2023-53772 MiniDVBLinux 5.4 Arbitrary File Read Vulnerability via About Page

MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers can exploit the about page by supplying file paths to disclose arbitrary file contents on the affected device...

8.7CVSS6.2AI score0.0084EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2025/12/09 12:0 a.m.6 views

PT-2025-50269

Name of the Vulnerable Software and Affected Versions MiniDVBLinux version 5.4 Description MiniDVBLinux version 5.4 contains a flaw that allows attackers to read sensitive system files. This is possible through the 'file' GET parameter on the about page, enabling disclosure of arbitrary file...

8.7CVSS6.2AI score0.0084EPSS
Exploits1References8
Rows per page
Query Builder