
281 matches found

Microsoft CVE
added 2017/06/13 7:00 a.m., 29 views

Microsoft Edge Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type. An attacker could use the vulnerability to read the URL of a cross-origin request. Websites that do not securely populate the URL with confidential information could...

6.5 CVSS, 0.7 AI score, 0.25242 EPSS
Exploits: 0
0day.today
added 2017/03/15 12:00 a.m., 31 views

Microsoft Edge Fetch API Arbitrary Header Setting Vulnerability

Exploit for windows platform in category remote exploits. Microsoft Edge Fetch API allows setting of arbitrary request headers. Yorick Koster, January 20...

4 CVSS, 5.5 AI score, 0.14929 EPSS
Exploits: 3
seebug.org
added 2017/03/15 12:00 a.m., 44 views

Microsoft Edge Fetch API allows setting of arbitrary request headers (CVE-2017-0140)

Introduction: The Fetch API provides an interface for fetching resources including across the network. It will seem familiar to anyone who has used XMLHttpRequest, but the Fetch API provides a more powerful and flexible feature set. Starting in EdgeHTML 14, which ships with Windows 10 Anniversary...

4 CVSS, 5.4 AI score, 0.14929 EPSS
Exploits: 3
Packet Storm
added 2017/03/14 12:00 a.m., 35 views

Microsoft Edge Fetch API Arbitrary Header Setting

Microsoft Edge Fetch API allows setting of arbitrary request headers. Yorick Koster, January 2017...

0.14929 EPSS
Exploits: 3
Jake Archibald's Blog
added 2016/01/25 3:00 p.m., 14 views

2016 - the year of web streams

Yeah, ok, it's a touch bold to talk about something being the thing of the year as early as January, but the potential of the web streams API has gotten me all excited. TL;DR: Streams can be used to do fun things like turn clouds to butts, transcode MPEG to GIF, but most importantly, they can be...

7.1 AI score
Exploits: 0
Prion
added 2015/12/16 11:59 a.m., 19 views

Information disclosure

The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure...

5 CVSS, 6.7 AI score, 0.00437 EPSS
Exploits: 0, References: 14, Affected Software: 4
UbuntuCve
added 2015/12/15 12:00 a.m., 24 views

CVE-2015-7215

The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure...

5 CVSS, 6.9 AI score, 0.00437 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2015/10/19 12:00 a.m., 23 views

Ubuntu 14.04 LTS : Firefox vulnerability (USN-2768-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2768-1 advisory. Abdulrahman Alqabandi and Ben Kelly discovered that the fetch API did not correctly implement the Cross Origin Resource Sharing (CORS) specification. If a user were...

6.8 CVSS, 8.4 AI score, 0.00243 EPSS
Exploits: 0, References: 2
NVD
added 2015/10/18 10:59 a.m., 12 views

CVE-2015-7184

The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin...

6.8 CVSS, 6.3 AI score, 0.00243 EPSS
Exploits: 0, References: 8
UbuntuCve
added 2015/10/18 10:59 a.m., 23 views

CVE-2015-7184

The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin...

6.8 CVSS, 7.3 AI score, 0.00243 EPSS
Exploits: 0, References: 3
OSV
added 2015/10/18 10:59 a.m., 0 views

UBUNTU-CVE-2015-7184

The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin...

6.8 CVSS, 7.3 AI score, 0.00243 EPSS
Exploits: 0, References: 4
Prion
added 2015/10/18 10:59 a.m., 19 views

Cross site scripting

The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin...

6.8 CVSS, 6.9 AI score, 0.00243 EPSS
Exploits: 0, References: 8, Affected Software: 1
Cvelist
added 2015/10/18 10:00 a.m., 18 views

CVE-2015-7184

The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin...

9 AI score, 0.00243 EPSS
Exploits: 0, References: 8
OSV
added 2015/10/16 9:21 a.m., 0 views

USN-2768-1 firefox vulnerability

Abdulrahman Alqabandi and Ben Kelly discovered that the fetch API did not correctly implement the Cross Origin Resource Sharing (CORS) specification. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from oth...

6.8 CVSS, 7.3 AI score, 0.00243 EPSS
Exploits: 0, References: 2
Ubuntu
added 2015/10/16 9:21 a.m., 48 views

USN-2768-1: Firefox vulnerability

Abdulrahman Alqabandi and Ben Kelly discovered that the fetch API did not correctly implement the Cross Origin Resource Sharing (CORS) specification. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from oth...

6.8 CVSS, 8.4 AI score, 0.00243 EPSS
Exploits: 0
ArchLinux
added 2015/10/16 12:00 a.m., 35 views

firefox: cross-origin restriction bypass

Security researcher Abdulrahman Alqabandi reported that the fetch API did not correctly implement the Cross-Origin Resource Sharing (CORS) specification, allowing a malicious page to access private data from other origins. Mozilla developer Ben Kelly independently reported the same issue...

6.8 CVSS, 9.1 AI score, 0.00243 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2015/10/16 12:00 a.m., 29 views

Firefox < 41.0.2 'fetch' API Cross-Origin Bypass (Mac OS X)

The version of Firefox installed on the remote Mac OS X host is prior to 41.0.2. It is, therefore, affected by a cross-origin restriction bypass vulnerability in the fetch API due to an incorrect implementation of the Cross-Origin Resource Sharing (CORS) specification. A remote attacker can exploit...

6.8 CVSS, 7.4 AI score, 0.00243 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2015/10/16 12:00 a.m., 31 views

Firefox < 41.0.2 'fetch' API Cross-Origin Bypass

The version of Firefox installed on the remote Windows host is prior to 41.0.2. It is, therefore, affected by a cross-origin restriction bypass vulnerability in the fetch API due to an incorrect implementation of the Cross-Origin Resource Sharing (CORS) specification. A remote attacker can exploit...

6.8 CVSS, 8.4 AI score, 0.00243 EPSS
Exploits: 0, References: 2
Mozilla
added 2015/10/15 12:00 a.m., 103 views

Cross-origin restriction bypass using Fetch — Mozilla

Security researcher Abdulrahman Alqabandi reported that the fetch API did not correctly implement the Cross-Origin Resource Sharing (CORS) specification, allowing a malicious page to access private data from other origins. Mozilla developer Ben Kelly independently reported the same issue...

6.8 CVSS, 8.9 AI score, 0.00243 EPSS
Exploits: 0, References: 3, Affected Software: 1
Jake Archibald's Blog
added 2015/03/24 12:00 a.m., 18 views

That's so fetch!

There's been some confusion around the new fetch API recently. Let's clear things up. The first thing you'll notice about fetch is it's a massive improvement on XMLHttpRequest in terms of API design. Here's how to get some JSON using XHR: var xhr = new XMLHttpRequest; xhr.open('GET', url);...

6.8 AI score
Exploits: 0