251 matches found
CVE-2026-9642
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
Windows-Exploit-Development-Lab
Metodología de Análisis de Vulnerabilidades y Explotación...
CVE-2025-15032
Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could allow an attacker to spoof a trusted domain in the window title and mislead users about the current site...
CVE-2025-15032
Dia for macOS before 1.9.0 is vulnerable to spoofing of the window title due to a missing about:blank indicator in custom-sized new windows. The root cause is the absence of a visual cue (about:blank indicator) that can mislead users about the current site. Affected product: Dia (macOS). Impact: ...
CVE-2025-15032 CVE-2025-15032: Increased Spoofing risk; custom new window missing about:blank
Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could allow an attacker to spoof a trusted domain in the window title and mislead users about the current site...
CVE-2025-15032
Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could allow an attacker to spoof a trusted domain in the window title and mislead users about the current site...
CVE-2025-15032 CVE-2025-15032: Increased Spoofing risk; custom new window missing about:blank
Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could allow an attacker to spoof a trusted domain in the window title and mislead users about the current site...
Dia security vulnerabilities
Dia is an AI-driven smart browser developed by Dia Company. Versions of Dia prior to 1.9.0 contained a security vulnerability. This vulnerability stemmed from the absence of the about:blank indicator in new windows with custom sizes, which could allow attackers to deceive trusted domains and...
PT-2026-3271
Name of the Vulnerable Software and Affected Versions Dia versions prior to 1.9.0 Description A flaw exists in Dia that, on macOS, could allow an attacker to spoof a trusted domain in the window title of custom-sized new windows. This could mislead users about the current site due to a missing...
CVE-2025-13132
A flaw was found in dia. This vulnerability allows users to be misled about the current site via a malicious site rendering a fake user interface UI without a full-screen notification...
The Browser Company of New York Dia 安全漏洞
The Browser Company of New York Dia is an AI browser from The Browser Company of New York, USA. A security vulnerability exists in The Browser Company of New York Dia prior to version 1.6, which stems from a lack of notification alerts in full-screen mode and could lead to users being misled...
EUVD-2025-137946
Malicious code in astam-ifst-dia npm...
Malicious code in dia-30 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eff1123100fa9c082f85bb48c95034eae67ab9c27c43f4cc1ca2b4f3abcb0525 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dia-10 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42372fdb54c843b791f7713f6c8f2370821d4b643852c7c179fbc3fa1d64015b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dia-44 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e056ef0dcd8c4ed54870eea248d0e0027d34d3f28892344edbfc8cb308d24575 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dia-21 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db9414a291d0219aa8f0af7821b75b3fd6b4c34fcf41dfe3e393d86d63cc309f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dia-25 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90bc1fe72ba9b9d126f321d563f262f0c1bee138fa6c494371db6729f5c9a938 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dia-27 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cd0769cac0a842fd220e0e01e01faa7f8cc1e51330080a63eb0b94900f5bc3d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dia-28 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ce86d8d51739c31f3debd7050598b48e692365eef172fed550267e2d7252b39 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dia-29 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39ace05da76ee6137520277d1359ec38173497c04ac97a43a38e1e69b06e0c0e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...