CVE-2026-45038 Tabby: Dragging and Dropping a File into Tabby Can Lead to Code Execution

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control characters from file paths when dragging and dropping a file into it, code execution can be achieved. This vulnerability is fixed in 1.0.233...

CVE-2020-37178

KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash...

PT-2026-7676

KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash...

ICE Agent’s ‘Dragging’ Case May Help Expose Evidence in Renee Good Shooting

The government has withheld details of the investigation of Renee Good’s killing—but an unrelated case involving the ICE agent who shot her could force new revelations...

EUVD-2017-1423

Malware in sbrugna...

CVE-2025-55033

Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks. This vulnerability was fixed in Focus for iOS 142...

CVE-2025-55033

Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks This vulnerability affects Focus for iOS 142...

CVE-2025-55033 Drag and drop gestures in Focus for iOS could allow JavaScript links to be executed incorrectly

Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks. This vulnerability was fixed in Focus for iOS 142...

CVE-2025-55033

The CVE describes a Cross-Site Scripting (XSS) issue in Mozilla Focus for iOS prior to version 142. The vulnerability arises when dragging JavaScript links to the URL bar, which can cause arbitrary script execution. Affected product: Focus for iOS (versions

PT-2025-33877 · Mozilla · Focus For Ios

Name of the Vulnerable Software and Affected Versions: Focus for iOS versions prior to 14.2 Description: Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in cross-site scripting XSS attacks. Recommendations: Update Focus f...

CVE-2024-31393

Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS 124...

CVE-2024-31393

Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS 124...

PT-2024-3797 · Mozilla · Firefox

Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 124 Description: The issue is related to insufficient input validation when dragging URL addresses into the address bar, allowing a remote attacker to bypass security restrictions and load arbitrary pages. Th...

CVE-2023-28164

Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...

CVE-2023-28164

Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...

DEBIAN-CVE-2023-23601

Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...

Type confusion

Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...

CVE-2023-25741

The CVE-2023-25741 entry concerns Firefox (

CVE-2023-25741

When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled until further review. This vulnerability affects Firefox 110...

CVE-2023-28164

Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...