Lucene search
K

7 matches found

Github Security Blog
Github Security Blog
added 2026/05/07 4:40 p.m.12 views

Cinny vulnerable to access token disclosure via invalidated emoji pack avatar URL in service worker

Impact A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim opens the emoji or sticker picker for...

7.1CVSS5.9AI score0.00302EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.14 views

PT-2026-38614

Name of the Vulnerable Software and Affected Versions Cinny versions prior to 4.10.3 Description A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes can cause the victim's client to send their Matrix access token to an attacker-controlled...

7.1CVSS5.9AI score0.00302EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-2506

Malware in sbrugna...

7.6CVSS6.7AI score0.01014EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/22 9:34 p.m.8 views

CVE-2021-43785

@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a script tag into the page and execute maliciou...

7.6CVSS6.1AI score0.01014EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2021/11/26 7:15 p.m.2 views

CVE-2021-43785

@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a script tag into the page and execute maliciou...

7.6CVSS6.7AI score0.01014EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/11/26 7:15 p.m.10 views

CVE-2021-43785

@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a script tag into the page and execute maliciou...

6.1CVSS6AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/11/15 12:0 a.m.52 views

Fedora 30 : webkit2gtk3 (2019-4213e37211)

Improve performance of querying system fallback fonts. - Dont use prgname in dbus-proxy socket path. - Fix thread-safety issues in image decoders. - Fix the build with WebDriver disabled. - Disable accelerated compositing when we fail to initialize the EGL dispaly under Wayland. - Fill the...

9.3CVSS6.4AI score0.02542EPSS
Exploits0References4
Rows per page
Query Builder