Lucene search
+L

1712 matches found

Cvelist
Cvelist
added 2026/05/18 8:5 a.m.49 views

CVE-2026-6339 Missing request origin validation on burn-on-read reveal endpoint

Mattermost versions 11.5.x = 11.5.1, 11.4.x = 11.4.3 fail to validate the X-Requested-With header on the burn-on-read reveal endpoint which allows an authenticated channel member to force the reveal of a burn-on-read message without recipient consent via a crafted Markdown image tag.. Mattermost...

4.3CVSS0.00113EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 7:4 p.m.5 views

GHSA-5QRQ-9645-G5G2 ethyca-fides has a DOM-based XSS vulnerability in fides.js via fides_description override

Summary fides.js is the script that renders Fides's consent banner on customer websites. It lets the embedding page override the banner's description text at runtime via a URL query parameter, a JavaScript global, or a cookie. On sites that have opted into HTML-formatted descriptions, the...

7CVSS6AI score0.00297EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/14 7:4 p.m.16 views

ethyca-fides has a DOM-based XSS vulnerability in fides.js via fides_description override

Summary fides.js is the script that renders Fides's consent banner on customer websites. It lets the embedding page override the banner's description text at runtime via a URL query parameter, a JavaScript global, or a cookie. On sites that have opted into HTML-formatted descriptions, the...

7CVSS6AI score0.00297EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/12 8:21 p.m.11 views

CVE-2026-28993

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 9:31 p.m.11 views

EUVD-2026-29286

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data...

5.8AI score0.00121EPSS
Exploits0References7
NVD
NVD
added 2026/05/11 9:18 p.m.11 views

CVE-2026-28993

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data...

5.5CVSS0.00121EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/11 8:8 p.m.32 views

CVE-2026-28993

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data...

0.00121EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/11 8:8 p.m.9 views

CVE-2026-28993

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data...

5.8AI score0.00121EPSS
Exploits0References6
CVE
CVE
added 2026/05/11 8:8 p.m.17 views

CVE-2026-28993

CVE-2026-28993 affects Apple platforms and is described as an issue where an app may access user-sensitive data. The initial entry notes that the vulnerability was addressed by adding an additional prompt for user consent and lists fixes in multiple platforms/versions: iOS 18.7.9, iPadOS 18.7.9, ...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References6Affected Software4
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.14 views

PT-2026-39828

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data...

5.8AI score0.00121EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS prior to Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 contain security vulnerabilities due to race condition issues, which may allow applications to access the contact...

7.5CVSS5.8AI score0.00306EPSS
Exploits0References1
HackRead
HackRead
added 2026/05/07 12:0 p.m.11 views

Google Chrome Accused of Silently Installing 4GB AI Model on User Devices

Cybersecurity researcher Alexander Hanff claims that Google Chrome automatically installs a 4GB Gemini Nano AI model without user notification or consent...

5.8AI score
Exploits0
Hacker One
Hacker One
added 2026/05/06 7:15 p.m.19 views

PortSwigger Web Security: UI Consent Bypass via Comma Injection in `addAutoApproveTarget` — User-Approval Dialog and Persistence Layer Disagree on Target Scope, Yielding Authen

A vulnerability was discovered in Burp Suite MCP Server BApp v1.2.1 where the addAutoApproveTarget function failed to validate the hostnames passed to it. This allowed a malicious MCP client to inject a comma-separated hostname, which was then persisted as multiple independent allow-list entries...

5.4AI score
Exploits0
EUVD
EUVD
added 2026/05/05 3:31 p.m.19 views

EUVD-2026-27329

The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS5.9AI score0.00294EPSS
Exploits0References4
NVD
NVD
added 2026/05/05 2:16 p.m.31 views

CVE-2026-4304

The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS0.00294EPSS
Exploits0References3
CVE
CVE
added 2026/05/05 1:27 p.m.23 views

CVE-2026-4304

The CVE-2026-4304 entry concerns the WeePie Cookie Allow plugin for WordPress. Affected component: the plugin, throughout all versions up to and including 3.4.11. Root cause: insufficient escaping of the user-supplied consent parameter and lack of proper preparation in the SQL query, enabling SQL...

7.5CVSS5.9AI score0.00294EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/05 1:27 p.m.6 views

CVE-2026-4304 WeePie Cookie Allow <= 3.4.11 - Unauthenticated SQL Injection via 'consent' Parameter

The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS5.9AI score0.00294EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/05 1:27 p.m.6 views

CVE-2026-4304

The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS5.9AI score0.00294EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/05 1:27 p.m.54 views

CVE-2026-4304 WeePie Cookie Allow <= 3.4.11 - Unauthenticated SQL Injection via 'consent' Parameter

The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS0.00294EPSS
Exploits0References3
Rows per page
Query Builder