Lucene search
5743 matches found

Prion
added 2019/02/04 8:29 a.m., 9 views

Sql injection

An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The userid parameter in jumpin.php has a SQL injection vulnerability...

CVSS 7.5, AI score 9.7, EPSS 0.02733
Exploits 1, References 3, Affected Software 1

Cvelist
added 2019/02/04 7:0 a.m., 17 views

CVE-2019-7316

An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The userid parameter in jumpin.php has a SQL injection vulnerability...

AI score 9.8, EPSS 0.02733
Exploits 1, References 3

CVE
added 2019/02/04 7:0 a.m., 36 views

CVE-2019-7316

CVE-2019-7316 concerns CSS-TRICKS Chat2 (up to 2015-05-05). The issue is a SQL injection in the userid parameter of jumpin.php, exposing a vulnerability in input handling. The CVSS indicates high to critical impact: network attack vector, no authentication, and partial to high impact on confident...

CVSS 9.8, AI score 9.7, EPSS 0.02733
Exploits 1, References 3, Affected Software 1

pentestit
added 2019/01/31 6:4 a.m., 110 views

BEEMKA: Basic Electron Post-Exploitation Framework

There are a lot of applications today that use Electron Framework, as it helps you build cross platform desktop apps with JavaScript, HTML, and CSS. Examples are applications such as Skype, Station, etc. A new post-exploitation framework - BEEMKA can now help you in maintaining...

AI score 0.5
Exploits 0

Kaspersky
added 2019/01/29 12:0 a.m., 47 views

KLA11411 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: Use-after-free vulnerability can be exploited remotely via specially designed HTML5...

CVSS 10, AI score 9.5, EPSS 0.12658
Exploits 1, References 5

Kaspersky
added 2019/01/24 12:0 a.m., 77 views

KLA11408 Multiple vulnerabilities in Apple iTunes

Multiple vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to bypass security restrictions, gain privileges, execute arbitrary code, perform cross-site scripting attack. Below is a complete list of vulnerabilities: 1. A memory corruption vulnerability i...

CVSS 10, AI score 9, EPSS 0.09755
Exploits 5, References 4

Friends Of PHP
added 2019/01/22 8:41 a.m., 25 views

Cross-Site Scripting in Bootstrap CSS toolkit

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-006...

CVSS 6.1, AI score 9.7, EPSS 0.04293
Exploits 1, Affected Software 1

Friends Of PHP
added 2019/01/22 8:41 a.m., 35 views

Cross-Site Scripting in Bootstrap CSS toolkit

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-006...

CVSS 6.1, AI score 9.7, EPSS 0.04293
Exploits 1, Affected Software 1

Typo3
added 2019/01/22 12:0 a.m., 108 views

Cross-Site Scripting in Bootstrap CSS toolkit

It has been discovered that the third party library Bootstrap CSS toolkit is vulnerable to cross-site scripting. Details are mentioned in a dedicated vulnerability report at...

CVSS 4.3, AI score 5.9, EPSS 0.04293
Exploits 1, Affected Software 1

Veracode
added 2019/01/15 8:59 a.m., 28 views

Denial Of Service (DoS)

kdelibs is vulnerable to denial of service. The CSS parser DOM implementation does not properly parse the location of the source for a font face, allowing a remote attacker to crash the application or potentially execute arbitrary code by loading a malicious web page that results in a heap-based...

CVSS 8.8, AI score 8.6, EPSS 0.11656
Exploits 6, References 17, Affected Software 1

Veracode
added 2019/01/15 8:51 a.m., 32 views

Cross-site Scripting (XSS)

The sanitizecss method in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle newline characters, which makes it easier for remote attackers to condu...

CVSS 4.3, AI score 5.3, EPSS 0.02618
Exploits 1, References 16, Affected Software 13

OSV
added 2019/01/09 7:29 p.m., 0 views

CVE-2018-6164

Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 6.5, AI score 7.4
Exploits 0, References 6

OSV
added 2019/01/09 7:29 p.m., 4 views

CVE-2018-6137

CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 6.5, AI score 5.8, EPSS 0.01902
Exploits 0, References 6

NVD
added 2019/01/09 7:29 p.m., 15 views

CVE-2018-6137

CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 6.5, AI score 5.8, EPSS 0.01902
Exploits 0, References 6

Prion
added 2019/01/09 7:29 p.m., 19 views

Input validation

Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 4.3, AI score 6.4, EPSS 0.01663
Exploits 0, References 6, Affected Software 5

UbuntuCve
added 2019/01/09 7:29 p.m., 16 views

CVE-2018-6164

Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 6.5, AI score 7, EPSS 0.01663
Exploits 0, References 1

Prion
added 2019/01/09 7:29 p.m., 24 views

Design/Logic Flaw

CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 4.3, AI score 6.5, EPSS 0.01902
Exploits 0, References 6, Affected Software 5

OSV
added 2019/01/09 7:29 p.m., 1 views

UBUNTU-CVE-2018-6137

CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 6.5, AI score 7.3, EPSS 0.01902
Exploits 0, References 3

OSV
added 2019/01/09 7:29 p.m., 1 views

UBUNTU-CVE-2018-6164

Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 6.5, AI score 7, EPSS 0.01663
Exploits 0, References 2

Cvelist
added 2019/01/09 7:0 p.m., 26 views

CVE-2018-6137

CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

AI score 5.7, EPSS 0.01902
Exploits 0, References 6