Lucene search
K

6 matches found

Github Security Blog
Github Security Blog
added 2026/03/04 6:18 p.m.7 views

Dark Reader gives users the ability to request style sheets from local web servers

Description Dark Reader versions prior to 4.9.117 included a behavior where a website could request a style sheet from a locally running web server, for example http://localhost:8080/style.css, If an address was available and returned a text/css content type. Patches The problem was fixed in...

3.4CVSS5.9AI score0.00108EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.8 views

PT-2026-23066

Dark Reader is an accessibility browser extension that makes web pages colors dark. The dynamic dark mode feature of the extension works by analyzing the colors of web pages found in CSS style sheet files. In order to analyze cross-origin style sheets stored on websites different from the origina...

3.4CVSS5.8AI score0.00108EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/02/25 1:4 a.m.4 views

jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF

A Cross-site request forgery CSRF vulnerability was found in Jenkins. The POST requests are not required for the HTTP endpoint handling manual build requests when no security realm is set. This flaw allows an attacker to trigger the building of a job without parameters...

4.3CVSS7.1AI score0.01779EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/02/24 3:15 p.m.4 views

jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF

A Cross-site request forgery CSRF vulnerability was found in Jenkins. The POST requests are not required for the HTTP endpoint handling manual build requests when no security realm is set. This flaw allows an attacker to trigger the building of a job without parameters...

4.3CVSS7.1AI score0.01779EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/02/16 11:19 a.m.3 views

jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF

A Cross-site request forgery CSRF vulnerability was found in Jenkins. The POST requests are not required for the HTTP endpoint handling manual build requests when no security realm is set. This flaw allows an attacker to trigger the building of a job without parameters...

4.3CVSS7.1AI score0.01779EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2021/08/04 7:22 a.m.90 views

CVE-2021-3681

A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the buildignore list in "galaxy.yml" include files in the .tar.gz file. This contains sensitive info, such as the user's Ansible Galaxy A...

5.5CVSS1.3AI score0.00237EPSS
Exploits0References4
Rows per page
Query Builder