Lucene search
K

23 matches found

Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.12 views

PT-2026-44845

Name of the Vulnerable Software and Affected Versions Home Assistant Companion app for iOS versions prior to 2026.4.1 Home Assistant Companion app for Android versions prior to 2026.4.4 Description The Home Assistant Companion apps for Android and iOS expose a JavaScript bridge to the in-app...

8.3CVSS6AI score0.00136EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-19486

Malware in sbrugna...

6.1CVSS7.7AI score0.0069EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2017-5107

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a...

5.3CVSS6.8AI score0.01652EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 4:34 p.m.6 views

CVE-2020-26962

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox 83...

6.1CVSS6.2AI score0.0069EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:46 a.m.6 views

SUSE CVE-2017-7830

The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...

7.5CVSS8.5AI score0.02485EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2022/08/24 7:12 p.m.6 views

Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a cross-origin iframe referencing an XSLT document inheriting the parent domain's permissions such as microphone or camera access...

8.8CVSS7.2AI score0.00684EPSS
Exploits0References5
NVD
NVD
added 2020/12/09 1:15 a.m.17 views

CVE-2020-26962

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox 83...

6.1CVSS5.6AI score0.0069EPSS
Exploits0References2
Prion
Prion
added 2020/12/09 1:15 a.m.20 views

Cross site scripting

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox 83...

4.3CVSS6.6AI score0.0069EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2020/12/09 12:24 a.m.25 views

CVE-2020-26962

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox 83...

6.1CVSS8.1AI score0.0069EPSS
Exploits0
CVE
CVE
added 2020/12/09 12:24 a.m.155 views

CVE-2020-26962

CVE-2020-26962 affects Mozilla Firefox up to version 82 (Firefox

6.1CVSS6.4AI score0.0069EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2020/12/09 12:24 a.m.38 views

CVE-2020-26962

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox 83...

6.1CVSS6.7AI score0.0069EPSS
Exploits0
Cvelist
Cvelist
added 2020/12/09 12:24 a.m.25 views

CVE-2020-26962

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox 83...

6.6AI score0.0069EPSS
Exploits0References2
Veracode
Veracode
added 2020/11/20 9:45 a.m.26 views

Phishing Attacks

firefox is vulnerable to phishing attacks. The vulnerability exists through cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated...

6.1CVSS2.7AI score0.0069EPSS
Exploits0References3Affected Software6
OpenVAS
OpenVAS
added 2020/11/18 12:0 a.m.22 views

Mozilla Firefox Security Advisories (MFSA2020-50, MFSA2020-52) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

9.6CVSS7.2AI score0.5063EPSS
Exploits3References1
UbuntuCve
UbuntuCve
added 2020/11/17 12:0 a.m.24 views

CVE-2020-26962

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox 83...

6.1CVSS6.8AI score0.0069EPSS
Exploits0References4
Veracode
Veracode
added 2020/10/05 1:34 a.m.35 views

Cross-site Scripting (XSS)

react-native-webview is vulnerable to cross-site scripting XSS. The vulnerability exists through the lack of policy enforcement that allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. The vulnerability exists on all applications running on systems with an Andro...

6.5CVSS4.3AI score0.03819EPSS
Exploits0References20Affected Software1
Veracode
Veracode
added 2020/09/28 5:27 a.m.11 views

Cross-Site Scripting (XSS)

react-native-webview is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript code in a user's browser via cross-origin iframes...

4AI score
Exploits0
Hacker One
Hacker One
added 2020/06/23 10:2 p.m.34 views

X (Formerly Twitter): Android WebViews in Twitter app are vulnerable to UXSS due to configuration and CVE-2020-6506

Summary: CVSS score: 8.1 / High / CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Embargo notice: Do Not Disclose publicly until https://crbug.com/1083819 is disclosed. Twitter for Android is affected by a UXSS vulnerability due to its configuration of Android WebView and CVE-2020-6506. Vendor...

4.3CVSS8.4AI score0.03819EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2019/11/04 4:16 a.m.23 views

CVE-2017-7830

The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...

6.5CVSS3.9AI score0.02485EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.29 views

NewStart CGSL MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0006)

The remote NewStart CGSL host, running version MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - A use-after-free vulnerability can occur when flushing and resizing layout because the PressShell object has been freed while still in use. This results in...

10CVSS7.9AI score0.07439EPSS
Exploits0References4
Rows per page
Query Builder