Lucene search
K

11 matches found

OSV
OSV
added 2026/05/29 3:30 p.m.8 views

GHSA-8XVP-7HJ6-MCJ9 GitHub CLI has an incorrect authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands

Summary GitHub CLI incorrectly includes an authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. Affected users: - Authenticated github.com users who previously ran gh attestation commands, gh release verify, or...

7.4CVSS5.9AI score0.00289EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Additional techniques that built upon the slipstream research, combined with a malicious web page, could have exposed both hosts within an internal network as well as services running on the user’s local machine. This vulnerability affects Firefox versions earlier than 85...

7.4CVSS7.8AI score0.01323EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.6 views

PT-2026-6303

Name of the Vulnerable Software and Affected Versions Group-Office versions prior to 6.8.150 Group-Office versions prior to 25.0.82 Group-Office versions prior to 26.0.5 Description An authenticated user with System Administrator privileges can trigger a server-side request forgery SSRF through t...

8.2CVSS5.5AI score0.00396EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2025/11/20 8:5 a.m.6 views

python-kdcproxy: Unauthenticated SSRF via Realm‑Controlled DNS SRV

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...

8.6CVSS5.9AI score0.00447EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-21818

Malware in sbrugna...

4.3CVSS4.6AI score0.01201EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:9 a.m.3 views

SUSE CVE-2019-15052

The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007...

9.8CVSS7.5AI score0.02925EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.6 views

SUSE CVE-2021-23961

Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox 85...

7.4CVSS8.4AI score0.01323EPSS
Exploits0References11
OSV
OSV
added 2021/01/07 2:15 p.m.3 views

DEBIAN-CVE-2020-26978

Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox 84, Thunderbird 78.6, and Firefox ESR 78.6...

6.1CVSS7.4AI score0.01266EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/12/17 4:21 p.m.2 views

Mozilla: Internal network hosts could have been probed by a malicious webpage

The Mozilla Foundation Security Advisory describes this flaw as: Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine...

6.1CVSS7.4AI score0.01266EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/12/16 12:42 p.m.4 views

Mozilla: Internal network hosts could have been probed by a malicious webpage

The Mozilla Foundation Security Advisory describes this flaw as: Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine...

6.1CVSS7.4AI score0.01266EPSS
Exploits0References5
OSV
OSV
added 2020/12/15 12:0 a.m.5 views

UBUNTU-CVE-2020-26978

Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox 84, Thunderbird 78.6, and Firefox ESR 78.6...

6.1CVSS7.3AI score0.01266EPSS
Exploits0References6
Rows per page
Query Builder