
10 matches found

CVE
added 4 days ago, 14 views

CVE-2026-13323

Open VSX Registry before 1.0.2 is affected by a vulnerability in the /vscode/unpkg/ endpoint that serves user-supplied HTML with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition header. An unauthenticated attacker can create a publisher account, upload a VSIX c...

CVSS 4.1 | AI score 5.8 | EPSS 0.00169
Exploits: 0 | References: 2
EUVD
added 4 days ago, 6 views

EUVD-2026-40945

In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. An unauthenticated attacker can register a publisher account, upload a VSIX...

CVSS 4.1 | AI score 5.8 | EPSS 0.00169
Exploits: 0 | References: 2
The Hacker News
added 2026/06/08 6:08 a.m., 16 views

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are updated automatically to a newer version in an attempt to tackle software supply chain threats. "When automatic updates are enabled, new version...

AI score 5.3
Exploits: 0
Brave Browser
added 2026/06/03 5:18 a.m., 18 views

Brave Desktop 1.91.168 Security Fixes

Added the ability to disable or delay automatic extension updates when brave://flags/brave-user-extension-auto-update is enabled. Upgraded Chromium to 149.0.7827.54 — refer to Google Chrome advisories for inherited CVEs...

AI score 5.5
Exploits: 0 | References: 2 | Affected Software: 1
Malwarebytes
added 2026/02/02 6:11 p.m., 6 views

How Manifest v3 forced us to rethink Browser Guard, and why that’s a good thing

As a Browser Guard user, you might not have noticed much difference lately. Browser Guard still blocks scams and phishing attempts just like always, and, in many cases, even better. But behind the scenes, almost everything changed. The rules that govern how browser extensions work went through a...

AI score 5.6
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-3362

Malware in sbrugna...

CVSS 5.9 | AI score 7.5 | EPSS 0.01333
Exploits: 0 | References: 4
OSV
added 2023/03/21 12:25 p.m., 6 views

SUSE-SU-2023:0844-1 Security update for openstack-cinder, openstack-glance, openstack-neutron-gbp, openstack-nova, python-oslo.utils

This update for openstack-cinder, openstack-glance, openstack-neutron-gbp, openstack-nova, python-oslo.utils contains the following fixes: Security fixes included on this update: openstack-cinder, openstack-glance, openstack-nova: - CVE-2022-47951: Fixed file access control through custom VMDK fl...

CVSS 5.7 | AI score 5.9 | EPSS 0.01025
Exploits: 1 | References: 3
SUSE CVE
added 2023/02/15 5:55 a.m., 4 views

SUSE CVE-2010-4582

Opera before 11.00 does not properly handle security policies during updates to extensions, which might allow remote attackers to bypass intended access restrictions via unspecified vectors...

CVSS 5 | AI score 6.9 | EPSS 0.02296
Exploits: 0 | References: 4
CNVD
added 2022/12/30 12:00 a.m., 34 views

Mozilla Firefox permission and access control issue vulnerability (CNVD-2023-05211)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. A permission and access control issue vulnerability exists in Mozilla Firefox, which stems from the way Firefox handles extension updates. An attacker could use the vulnerability to trick victims into...

AI score 2 | EPSS 0.00644
Exploits: 0 | Affected Software: 3
CNNVD
added 2022/02/08 12:00 a.m., 3 views

Mozilla Firefox permission and access control issue vulnerability

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. A permission and access control issue vulnerability exists in Mozilla Firefox, which stems from the way Firefox handles extension updates. An attacker could use the vulnerability to trick victims into...

CVSS 6.5 | AI score 7.5 | EPSS 0.00644
Exploits: 0 | References: 23