Lucene search
K

90 matches found

Veracode
Veracode
added 2026/05/09 5:31 a.m.6 views

Server-Side Request Forgery (SSRF)

PlaywrightCapture is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient restrictions on navigations and resource requests initiated by rendered pages, which allows an attacker to abuse browser-side redirection mechanisms to access local files file:// or reque...

8.7CVSS5.9AI score0.00319EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.7 views

PT-2026-35794

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.8 Description A server-side request forgery SSRF policy bypass allows attackers to trigger navigations that circumvent standard SSRF checks. By exploiting browser interactions, attackers can bypass these...

7.6CVSS5.9AI score0.0021EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2025/07/22 8:49 p.m.3 views

CVE-2025-8038

Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

9.8CVSS5.8AI score0.00225EPSS
Exploits0References6
Mageia
Mageia
added 2025/04/17 11:34 p.m.35 views

Updated chromium-browser-stable packages fix security vulnerabilities

Use after free in Site Isolation. CVE-2025-3066 Inappropriate implementation in Custom Tabs. CVE-2025-3067 Inappropriate implementation in Intents. CVE-2025-3068 Inappropriate implementation in Extensions. CVE-2025-3069 Insufficient validation of untrusted input in Extensions. CVE-2025-3070...

8.8CVSS7.5AI score0.00552EPSS
Exploits0References3
OSV
OSV
added 2025/04/02 1:15 a.m.21 views

CVE-2025-3066

Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS8.8AI score
Exploits0References2
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.5 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser from Google, Inc USA. Google Chrome suffers from a resource management error vulnerability that stems from a post-release reuse issue in Navigations...

8.8CVSS8.1AI score0.00342EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.18 views

Fedora 41 : chromium (2024-3a6f9ab958)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3a6f9ab958 advisory. Update to 130.0.6723.58 High CVE-2024-9954: Use after free in AI Medium CVE-2024-9955: Use after free in Web Authentication Medium CVE-2024-9956:...

8.8CVSS6.5AI score0.06295EPSS
Exploits3References14
OpenVAS
OpenVAS
added 2024/10/19 12:0 a.m.19 views

openSUSE Security Advisory (openSUSE-SU-2024:0337-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.3AI score0.06295EPSS
Exploits3References3
Microsoft CVE
Microsoft CVE
added 2024/10/17 7:0 a.m.138 views

Chromium: CVE-2024-9966 Inappropriate implementation in Navigations

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

5.3CVSS6.9AI score0.0033EPSS
Exploits0
OSV
OSV
added 2024/10/15 9:15 p.m.15 views

CVE-2024-9966

Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

5.3CVSS5.9AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/15 8:14 p.m.14 views

CVE-2024-9966

Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

6.4AI score0.0033EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/15 8:14 p.m.19 views

CVE-2024-9966

Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

0.0033EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2024/10/15 12:0 a.m.12 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 17 security fixes: 367755363 High CVE-2024-9954: Use after free in AI. Reported by DarkNavy on 2024-09-18 370133761 Medium CVE-2024-9955: Use after free in Web Authentication. Reported by anonymous on 2024-09-29 370482421 Medium CVE-2024-9956:...

8.8CVSS7.8AI score0.06295EPSS
Exploits3References1
Tenable Nessus
Tenable Nessus
added 2024/10/15 12:0 a.m.29 views

Google Chrome < 130.0.6723.58 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 130.0.6723.58. It is, therefore, affected by multiple vulnerabilities as referenced in the 202410stable-channel-update-for-desktop15 advisory. - Use after free in AI. CVE-2024-9954 - Use after free in Web Authentication...

8.8CVSS6.8AI score0.06295EPSS
Exploits3References27
CVE
CVE
added 2023/06/02 12:0 a.m.310 views

CVE-2023-23601

CVE-2023-23601 is a browser navigation/vulnerability caused by dragging a URL from a cross-origin iframe into the same tab, enabling potential spoofing. Public records confirm impact on Firefox (less than 109) and Firefox ESR (less than 102.7) and Thunderbird (less than 102.7). Multiple advisorie...

6.5CVSS6.6AI score0.00347EPSS
Exploits0References4Affected Software3
SUSE CVE
SUSE CVE
added 2023/02/15 5:7 a.m.3 views

SUSE CVE-2016-1664

The HistoryController::UpdateForCommit function in content/renderer/historycontroller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web sit...

4.3CVSS8.7AI score0.0098EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:50 a.m.3 views

SUSE CVE-2017-5395

Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. Note: This issue only affects Firefox for Android. Other operating systems are not affected...

4.3CVSS6.2AI score0.0122EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:22 a.m.1 views

SUSE CVE-2018-18349

Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension...

6.5CVSS8.4AI score0.00976EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2023/01/19 12:6 p.m.37 views

CVE-2023-23601

The Mozilla Foundation Security Advisory describes this flaw as: Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks...

6.1CVSS2.6AI score0.00347EPSS
Exploits0References5
OSV
OSV
added 2022/12/22 8:15 p.m.2 views

DEBIAN-CVE-2022-34470

Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

9.8CVSS8.5AI score0.01064EPSS
Exploits0References1
Rows per page
Query Builder