6 matches found
Dark Reader gives users the ability to request style sheets from local web servers
Description Dark Reader versions prior to 4.9.117 included a behavior where a website could request a style sheet from a locally running web server, for example http://localhost:8080/style.css, If an address was available and returned a text/css content type. Patches The problem was fixed in...
PT-2026-23066
Dark Reader is an accessibility browser extension that makes web pages colors dark. The dynamic dark mode feature of the extension works by analyzing the colors of web pages found in CSS style sheet files. In order to analyze cross-origin style sheets stored on websites different from the origina...
jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF
A Cross-site request forgery CSRF vulnerability was found in Jenkins. The POST requests are not required for the HTTP endpoint handling manual build requests when no security realm is set. This flaw allows an attacker to trigger the building of a job without parameters...
jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF
A Cross-site request forgery CSRF vulnerability was found in Jenkins. The POST requests are not required for the HTTP endpoint handling manual build requests when no security realm is set. This flaw allows an attacker to trigger the building of a job without parameters...
jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF
A Cross-site request forgery CSRF vulnerability was found in Jenkins. The POST requests are not required for the HTTP endpoint handling manual build requests when no security realm is set. This flaw allows an attacker to trigger the building of a job without parameters...
CVE-2021-3681
A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the buildignore list in "galaxy.yml" include files in the .tar.gz file. This contains sensitive info, such as the user's Ansible Galaxy A...