Lucene search
+L

36 matches found

NVD
NVD
added 2026/02/13 3:15 a.m.13 views

CVE-2026-1721

Summary A Reflected Cross-Site Scripting XSS vulnerability was discovered in the AI Playground's OAuth callback handler. The errordescription query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the contex...

6.2CVSS0.00371EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/02/06 6:51 p.m.20 views

Pydantic AI has Stored XSS via Path Traversal in Web UI CDN URL

Summary A Path Traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL. If a victim clicks the link or visits it via an iframe, attacker-controlled code executes in their browser, enabling the...

7.1CVSS5.9AI score0.00324EPSS
Exploits0References4Affected Software2
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.13 views

PT-2026-6789

Name of the Vulnerable Software and Affected Versions Pydantic AI versions 1.34.0 through 1.50.9 Description Pydantic AI contains a path traversal issue in its web UI. A crafted URL can be used by an attacker to serve arbitrary JavaScript within the application's context. This allows execution of...

7.1CVSS6AI score0.00324EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.8 views

PT-2026-6869

Summary A Path Traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL. If a victim clicks the link or visits it via an iframe, attacker-controlled code executes in their browser, enabling the...

7.1CVSS6AI score0.00324EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-3368

Malware in sbrugna...

5.3CVSS7.6AI score0.01392EPSS
Exploits0References18
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-0129

Malware in sbrugna...

6.1CVSS6.5AI score0.01483EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-11698

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content...

5.3CVSS7.5AI score0.01392EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/20 10:48 a.m.5 views

Cross-site Scripting (XSS)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS in tooltip content rendering. An attacker can perform operations with the victim's privileges, such as stealing chat history and deleting chats, by convincing the victim to interact...

9.3CVSS5.3AI score0.00553EPSS
Exploits1References2
OSV
OSV
added 2025/03/20 10:11 a.m.5 views

CVE-2024-8017 Cross-site Scripting (XSS) in open-webui/open-webui

An XSS vulnerability exists in open-webui/open-webui versions = 0.3.8, specifically in the function that constructs the HTML for tooltips. This vulnerability allows attackers to perform operations with the victim's privileges, such as stealing chat history, deleting chats, and escalating their ow...

9CVSS7.2AI score0.00553EPSS
Exploits1References3
HackRead
HackRead
added 2024/05/06 10:9 p.m.24 views

Cuckoo Mac Malware Mimics Music Converter to Steals Passwords and Crypto

By Deeba Ahmed Cuckoo malware targets macOS users, stealing passwords, browsing history, crypto wallet details & more. Disguised as a music converter, it poses a major security risk. Learn how to protect yourself from this sophisticated infostealer. This is a post from HackRead.com Read the...

7.2AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:12 a.m.2 views

SUSE CVE-2019-11698

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for...

6.1CVSS8.6AI score0.01392EPSS
Exploits0References10
NVD
NVD
added 2019/07/23 2:15 p.m.15 views

CVE-2019-11698

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for...

5.3CVSS5.5AI score0.01392EPSS
Exploits0References4
OSV
OSV
added 2019/07/23 2:15 p.m.1 views

DEBIAN-CVE-2019-11698

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for...

5.3CVSS8.7AI score0.01392EPSS
Exploits0References1
OSV
OSV
added 2019/07/23 2:15 p.m.9 views

CVE-2019-11698

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for...

5.3CVSS8.8AI score
Exploits0References4
Debian CVE
Debian CVE
added 2019/07/23 1:21 p.m.37 views

CVE-2019-11698

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for...

5.3CVSS7.9AI score0.01392EPSS
Exploits0
OSV
OSV
added 2019/06/10 7:17 p.m.9 views

MGASA-2019-0191 Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities. Cross-origin theft of images with ImageBitmapRenderingContext. CVE-2018-18511 Out-of-bounds read in Skia. CVE-2019-5798 Use-after-free in pngimagefree of libpng library. CVE-2019-7317 Cross-origin theft of images with createImageBitmap...

9.8CVSS7.2AI score0.09393EPSS
Exploits4References4
RedHat Linux
RedHat Linux
added 2019/06/03 8:55 p.m.5 views

Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for...

5.3CVSS7.4AI score0.01392EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/06/03 8:52 p.m.5 views

Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for...

5.3CVSS7.4AI score0.01392EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/05/23 4:8 p.m.5 views

Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for...

5.3CVSS7.4AI score0.01392EPSS
Exploits0References5
Mozilla
Mozilla
added 2019/05/21 12:0 a.m.147 views

Security vulnerabilities fixed in Firefox ESR 60.7 — Mozilla

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...

9.8CVSS0.06175EPSS
Exploits1References17Affected Software1
Rows per page
Query Builder