11 matches found
CVE-2026-42849
authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE (Simple Flow Executor) in order to make the interface more compatible with legacy browsers, it was possible to use an XSS exploit in the AutosubmitStage. This issu...
CVE-2024-13993
Nagios XI versions prior to 2024R1.1.2 are vulnerable to a reflected cross-site scripting (XSS) attack on the login page when accessed with older browsers. The root cause is insufficient validation/escaping of user-supplied input reflected by the login page, enabling a crafted link to execute arb...
HFS user adding a "web link" in HFS is vulnerable to "target=_blank" exploit
Summary: When adding a "web link" to the HFS virtual filesystem, the frontend opens it with target="blank" but without the rel="noopener noreferrer" attribute. This allows the opened page to use the window.opener property to change the location of the original HFS tab. Details: While most modern...
GHSA-CVW4-C69G-7V7M Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Note: On Thursday, June 27, 2024, Cloudflare and Namecheap intervened at a domain level to ensure polyfill.io and its subdomains could not resolve to the compromised service, rendering this vulnerability unexploitable. The following sections describe this vulnerability prior to the domain level...
CVE-2024-38537 Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard...
CVE-2024-38537 Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard...
CVE-2024-38537 Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard...
EUVD-2024-2328
Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard...
The Ghost of Internet Explorer Will Haunt the Web for Years
Microsoft's legacy browser may be dead—but its remnants are not going anywhere, and neither are its lingering security risks...
Google Chrome Security Bypass Vulnerability (CNVD-2019-17515)
Google Chrome is a web browser from Google, an American company. A security vulnerability exists in Google Chrome versions prior to 75.0.3770.80. An attacker can exploit this vulnerability to bypass security restrictions and gain unauthorized access to the system...
Microsoft Edge Legacy Browser SEoL
The remote host has an install of Microsoft Edge Legacy, a web browser, which is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. © Tenable, Inc...