38 matches found
CVE-2026-9309
Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScrip...
CVE-2026-9309 Arbitrary JavaScript execution in internal pages via Reader View JSON-LD injection
Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScrip...
CVE-2026-9309 Arbitrary JavaScript execution in internal pages via Reader View JSON-LD injection
Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScrip...
CVE-2026-9309
CVE-2026-9309 affects Firefox for iOS Reader View. The issue is improper escaping of HTML tags in JSON-LD metadata, enabling a malicious page to inject markup that leaks sensitive URL parameters and could lead to arbitrary JavaScript execution in an internal origin. Impact is described as access ...
PT-2026-45411
Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScrip...
CVE-2026-9141
Taiko AG1000-01A SMS Alert Gateway (Rev 7.3 and Rev 8) contains an authentication bypass in its embedded web configuration interface, allowing unauthenticated network attackers to directly request internal pages (e.g., index.zhtml, point.zhtml, log.shtml) and gain full administrative read/write a...
CVE-2026-9141 Taiko AG1000-01A Rev 7.3/8 Authentication Bypass via Web Interface
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access internal application pages without any session management or server-side authentication checks. Attacker...
CVE-2026-9141 Taiko AG1000-01A Rev 7.3/8 Authentication Bypass via Web Interface
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access internal application pages without any session management or server-side authentication checks. Attacker...
PT-2026-42263
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access internal application pages without any session management or server-side authentication checks. Attacker...
PT-2026-37008
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.14 Description Improper access control in browser snapshot, screenshot, and tab routes allows authenticated callers to bypass Server-Side Request Forgery SSRF restrictions. This occurs because the system fails...
CVE-2023-49060
An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the referrerpolicy attribute. This vulnerability affects Firefox for iOS 120...
EUVD-2025-25229
Malicious code in bioql PyPI...
Mozilla Firefox for iOS Security Bypass Vulnerability (CNVD-2025-19563)
Mozilla Firefox for iOS is a web browser designed for iOS devices by the US-based Mozilla Foundation. A security bypass vulnerability exists in Mozilla Firefox for iOS prior to version 141, which can be exploited by attackers to open arbitrary website URLs or internal pages...
CVE-2025-54144
The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141...
CVE-2025-54144
The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141...
CVE-2025-54144
The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link This vulnerability affects Firefox for iOS 141...
CVE-2025-54144
Summary: CVE-2025-54144 affects Firefox for iOS before version 141. The URL scheme used to facilitate searching of text queries could be abused to open arbitrary website URLs or internal pages if a user is tricked into clicking a link. This is described as a security bypass in Firefox for iOS pri...
CVE-2025-54144 Internal Firefox open-text URL scheme allowed loading of arbitrary URLs
The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141...
CVE-2024-33329
A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information...
Unable to Connect the Secure Web with the Error "Cannot open page"
Unable to open the internal pages from Secure Web. Error"Cannot open page"is displayed...