
115 matches found

Microsoft KB
added 2022/10/25 12:0 a.m. | 6 views

October 25, 2022—KB5018483 (OS Build 22000.1165) Preview

October 25, 2022—KB5018483 OS Build 22000.1165 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 21H2, see its update history page. Note: Follow @WindowsUpdate to...

AI score: 7
Exploits: 0

OPENSUSE Linux
added 2022/07/13 12:0 a.m. | 62 views

Security update for opera (important)

openSUSE Security Update: Security update for opera Announcement ID: openSUSE-SU-2022:10057-1 Rating: important References: Cross-References: CVE-2022-2007 CVE-2022-2008 CVE-2022-2010 CVE-2022-2011 CVE-2022-2294 Affected Products: openSUSE Leap 15.3:NonFree openSUSE Leap 15.4:NonFree An update th...

CVSS: 9.3 | AI score: 7.3 | EPSS: 0.70461
Exploits: 0

Snyk
added 2022/06/23 9:26 a.m. | 4 views

Malicious Package

Overview @xunlie/vue-context-menu is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

CVSS: 9.8 | AI score: 7
Exploits: 0 | References: 3

OSSF Malicious Packages
added 2022/06/20 8:15 p.m. | 6 views

Malicious code in @tinkoff-react-bui/context-menu (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f239b4e149956ae7fcbe368e6040942fc96e8fd6a13a332a4c1e64cffb9747d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 | References: 1

CNNVD
added 2022/06/06 12:0 a.m. | 7 views

Google Android Permissions, Privileges, and Access Control Vulnerability

Google Android is a Linux-based open-source operating system from the U.S. company Google. Google Android has an elevation of privilege vulnerability that originates in onCreateContextMenu in NetworkProviderSettings.java. Due to a lack of privilege checking, a non-owner user could change...

CVSS: 7.3 | AI score: 5.9 | EPSS: 0.00111
Exploits: 0 | References: 6

NVD
added 2021/12/08 10:15 p.m. | 14 views

CVE-2021-43531

When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should...

CVSS: 4.3 | EPSS: 0.00329
Exploits: 0 | References: 2

OSV
added 2021/12/08 10:15 p.m. | 2 views

CVE-2021-43531

When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should...

CVSS: 4.3 | AI score: 7.3 | EPSS: 0.00329
Exploits: 0 | References: 2

UbuntuCve
added 2021/12/08 10:15 p.m. | 31 views

CVE-2021-43531

When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00528
Exploits: 0 | References: 4

OSV
added 2021/12/08 10:15 p.m. | 8 views

UBUNTU-CVE-2021-43531

When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00329
Exploits: 0 | References: 5

Prion
added 2021/12/08 10:15 p.m. | 24 views

Design/Logic Flaw

When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should...

CVSS: 4.3 | AI score: 4.4 | EPSS: 0.00528
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2021/12/08 10:15 p.m. | 9 views

UBUNTU-CVE-2021-43532

The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one that contained an...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00528
Exploits: 0 | References: 5

Debian CVE
added 2021/12/08 9:20 p.m. | 20 views

CVE-2021-43532

The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one that contained an...

CVSS: 6.1 | AI score: 4.9 | EPSS: 0.00528
Exploits: 0

CVE
added 2021/12/08 9:20 p.m. | 89 views

CVE-2021-43532

Summary: CVE-2021-43532 affects Firefox prior to 94 and relates to the Copy Image Link context menu. The bug allowed copying the final image URL after redirects, enabling token theft if a user pasted the URL back into a page and the URL leaked authentication tokens. The underlying issue involved ...

CVSS: 6.1 | AI score: 4.6 | EPSS: 0.00528
Exploits: 0 | References: 2 | Affected Software: 1

OpenVAS
added 2021/11/11 12:0 a.m. | 17 views

Mozilla Firefox Security Advisory (MFSA2015-49) - Linux

This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

CVSS: 4.3 | AI score: 9.5 | EPSS: 0.01904
Exploits: 0 | References: 3

wpexploit
added 2021/04/12 12:0 a.m. | 98 views

Content Copy Protection & Prevent Image Save <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin does not check for CSRF when saving its settings, nor perform any validation and sanitisation on them, allowing attackers to make a logged-in administrator set arbitrary XSS payloads in them. -- PoC 1 | Authenticated Persistent XSS & XFS | Image saving disabled message text: ! POST...

AI score: 0.9 | EPSS: 0.008
Exploits: 2 | References: 3

Kitploit
added 2021/03/30 8:30 p.m. | 40 views

ClearURLs - An Add-On Based On The New WebExtensions Technology And Will Automatically Remove Tracking Elements From URLs To Help Protect Your Privacy

ClearURLs is an add-on based on the new WebExtensions technology and is optimized for Firefox and Chrome based browsers. This extension will automatically remove tracking elements from URLs to help protect your privacy when you browse through the Internet, which is regularly updated by us and can be...

AI score: 7.3
Exploits: 0 | References: 22

Tenable Nessus
added 2020/10/26 12:0 a.m. | 40 views

openSUSE Security Update : opera (openSUSE-2020-1713)

This update for opera fixes the following issues : opera was updated to version 71.0.3770.228 - DNA-87466 Hide extensions icon is black in dark theme - DNA-88580 Implement searchintabs telemetry benchmark - DNA-88591 Allow to scroll down the Keyboards Shortcuts section with URL - DNA-88693 Random...

CVSS: 9.6 | AI score: 6.8 | EPSS: 0.03291
Exploits: 6 | References: 14

Github Security Blog
added 2020/09/03 7:14 p.m. | 25 views

Malicious Package in ngx-context-menu

Version 0.0.26 of ngx-context-menu contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also...

AI score: 7
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2020/09/03 7:14 p.m. | 12 views

GHSA-XWG3-GJXH-C8PM Malicious Package in ngx-context-menu

Version 0.0.26 of ngx-context-menu contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also...

AI score: 7.2
Exploits: 0 | References: 1

Kitploit
added 2020/05/05 12:30 p.m. | 54 views

Generator-Burp-Extension - Everything You Need About Burp Extension Generation

Everything You Need About Burp Extension Generation Installation First, install Yeoman and generator-burp-extension using npm we assume you have pre-installed node.js. npm install -g yo npm install -g generator-burp-extension Then generate your new project: yo burp-extension Burp Extension featur...

AI score: 7.2
Exploits: 0 | References: 6