105 matches found
EUVD-2026-36424
The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials...
CVE-2026-7516
A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents...
CVE-2026-7516
A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents...
CVE-2026-7516
A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents...
EUVD-2026-36046
A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents...
CVE-2026-7516
The CVE-2026-7516 entry concerns the Lenovo Android Application distributed on Chinese-market tablets. The vulnerability allows a website viewed in the app’s built-in browser to overwrite the device clipboard contents. The issue is tied to the built-in browser component and clipboard handling, wi...
Lenovo Android Application 安全漏洞
Lenovo Android Application is an application developed by Lenovo Corporation, designed for managing Lenovo devices. There is a security vulnerability in Lenovo Android Application, which stems from websites accessed via the built-in browser potentially overwriting system clipboard contents...
PT-2026-48452
A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents...
New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing
A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST , needs no native code, no extension, and no permission prompt. You open the page, leave the tab sitting there, and it watches the driv...
Important: Red Hat Security Advisory: Red Hat Web Terminal Operator 1.15.0 release.
Red Hat Web Terminal Operator 1.15.0 has been released. The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed...
Important: Red Hat Security Advisory: Red Hat Web Terminal Operator 1.11.1 release.
Red Hat Web Terminal Operator 1.11.1 has been released. The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed...
Important: Red Hat Security Advisory: Red Hat Web Terminal Operator 1.12.1 release.
Red Hat Web Terminal Operator 1.12.1 has been released. The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed...
EUVD-2026-29734
A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network. Successful exploitation could allow an attacker to...
CVE-2021-47948 WordPress GetPaid Plugin 2.4.6 HTML Injection via Help Text
WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers can inject malicious HTML including image tags and scripts into the Help Text field during paymen...
open-webui Vulnerable to Stored XSS via Model Description
!IMPORTANT Relationship to CVE-2024-7990 CVE-2024-7990 issued by huntr.dev, March 2025 describes a stored XSS in the same field — the model description — but exploits a different bypass mechanism: a second-order injection through the sanitizeResponseContent function's video-tag placeholder...
Important: Red Hat Security Advisory: Red Hat Web Terminal Operator 1.11.0 release.
Red Hat Web Terminal Operator 1.11.0 has been released. The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed...
Important: Red Hat Security Advisory: Red Hat Web Terminal Operator 1.15.0 release.
Red Hat Web Terminal Operator 1.15.0 has been released. The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed...
avsig
⚡ AVSIG JWT Inspector & Security Auditor - decode, anal...
CVE-2026-20162
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the "admin" or "power" Splunk roles could craft a malicious payload when creating a Vie...
CVE-2026-29933
A reflected cross-site scripting XSS vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referrer value in the request header...