Lucene search

13 matches found

OSV
added 2026/05/06 11:43 p.m. | 6 views

GHSA-687H-XW6F-Q2QW Playwright Capture permits access to local files and internal network resources during page capture

Playwright Capture did not sufficiently restrict navigations and resource requests initiated by rendered pages. An attacker-controlled page could abuse browser-side redirection mechanisms, such as window.location.href, to make the capture process open file:// URLs or request resources hosted on...

CVSS 8.7 | AI score 5.8 | EPSS 0.00319
Exploits: 0 | References: 4
Github Security Blog
added 2026/05/06 11:43 p.m. | 17 views

Playwright Capture permits access to local files and internal network resources during page capture

Playwright Capture did not sufficiently restrict navigations and resource requests initiated by rendered pages. An attacker-controlled page could abuse browser-side redirection mechanisms, such as window.location.href, to make the capture process open file:// URLs or request resources hosted on...

CVSS 8.7 | AI score 5.8 | EPSS 0.00319
Exploits: 0 | References: 4 | Affected Software: 1
Positive Technologies
added 2026/05/06 12:00 a.m. | 10 views

PT-2026-38317

Name of the Vulnerable Software and Affected Versions: Playwright Capture, affected versions not specified. Description: Playwright Capture fails to sufficiently restrict navigations and resource requests initiated by rendered pages. An attacker-controlled page can abuse browser-side redirection...

CVSS 8.7 | AI score 5.8 | EPSS 0.00319
Exploits: 0 | References: 8
RedhatCVE
added 2026/02/20 7:40 p.m. | 7 views

CVE-2026-23619

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Local Domains settings page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$Pv3$txtDescription parameter to /MailEssentials/pages/MailSecurity/general.aspx,...

CVSS 5.4 | AI score 5.4 | EPSS 0.00173
Exploits: 0 | References: 1
OSV
added 2026/02/19 6:24 p.m. | 5 views

CVE-2026-23619

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Local Domains settings page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$Pv3$txtDescription parameter to /MailEssentials/pages/MailSecurity/general.aspx,...

CVSS 5.4 | AI score 5.8 | EPSS 0.00173
Exploits: 0 | References: 2
NVD
added 2026/02/19 6:24 p.m. | 5 views

CVE-2026-23619

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Local Domains settings page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$Pv3$txtDescription parameter to /MailEssentials/pages/MailSecurity/general.aspx,...

CVSS 5.4 | EPSS 0.00173
Exploits: 0 | References: 2
Cvelist
added 2026/02/19 6:00 p.m. | 22 views

CVE-2026-23619 GFI MailEssentials AI < 22.4 General Settings Local Domains Domain Description Stored XSS

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Local Domains settings page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$Pv3$txtDescription parameter to /MailEssentials/pages/MailSecurity/general.aspx,...

CVSS 5.4 | EPSS 0.00173
Exploits: 0 | References: 2
CVE
added 2026/02/19 6:00 p.m. | 15 views

CVE-2026-23619

GFI MailEssentials AI (versions prior to 22.4) contains a stored cross-site scripting vulnerability in the Local Domains settings page. An authenticated user can submit HTML/JavaScript via ctl00$ContentPlaceHolder1$Pv3$txtDescription on /MailEssentials/pages/MailSecurity/general.aspx, which is st...

CVSS 5.4 | AI score 5.4 | EPSS 0.00173
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/02/19 6:00 p.m. | 4 views

CVE-2026-23619 GFI MailEssentials AI < 22.4 General Settings Local Domains Domain Description Stored XSS

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Local Domains settings page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$Pv3$txtDescription parameter to /MailEssentials/pages/MailSecurity/general.aspx,...

CVSS 5.4 | AI score 5.4 | EPSS 0.00173
Exploits: 0 | References: 2
Positive Technologies
added 2026/02/19 12:00 a.m. | 6 views

PT-2026-20899

Name of the Vulnerable Software and Affected Versions: GFI MailEssentials AI versions prior to 22.4. Description: GFI MailEssentials AI versions before 22.4 have a stored cross-site scripting issue in the Local Domains settings page. A logged-in user can inject HTML or JavaScript code into the...

CVSS 5.4 | AI score 5.2 | EPSS 0.00173
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2014-7031

Malware in sbrugna...

CVSS 6.1 | AI score 8.5 | EPSS 0.00743
Exploits: 0 | References: 13
Debian CVE
added 2015/10/30 3:00 p.m. | 21 views

CVE-2015-7814

Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation to reduce the memory of...

CVSS 4.7 | AI score 8.1 | EPSS 0.00279
Exploits: 0
OSV
added 2013/05/13 11:55 p.m. | 1 views

DEBIAN-CVE-2013-1919

Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs or PCI devices."...

CVSS 4.7 | AI score 8.5 | EPSS 0.00372
Exploits: 0 | References: 1