Lucene search
K

7 matches found

EUVD
EUVD
added 7 hours ago4 views

EUVD-2026-43560

PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route-specific rate limiting and per-push lockout mechanisms. Attackers who know a push token can systematically guess passphrases at 120 attempts per minute without triggering any...

8.7CVSS6.1AI score
Exploits0References3
NVD
NVD
added 6 days ago6 views

CVE-2026-59802

PasswordPusher before 2.8.1 accepts data URI schemes in URL push payloads due to insufficient validation in the validurl function. Attackers can create malicious pushes containing data:text/html URIs that execute arbitrary JavaScript in victims' browsers when clicked, enabling phishing and...

8.2CVSS0.00192EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-59802 PasswordPusher < 2.8.1 - Redirect-Based XSS via data URI in URL Push Payload

PasswordPusher before 2.8.1 accepts data URI schemes in URL push payloads due to insufficient validation in the validurl function. Attackers can create malicious pushes containing data:text/html URIs that execute arbitrary JavaScript in victims' browsers when clicked, enabling phishing and...

8.2CVSS0.00192EPSS
Exploits0References2
CVE
CVE
added 6 days ago7 views

CVE-2026-59802

PasswordPusher before 2.8.1 is vulnerable to Redirect-Based XSS due to insufficient validation in the valid_url function, allowing data:text/html URIs in URL push payloads that can execute JavaScript in victims’ browsers when clicked within the trusted domain. Affected versions: before 2.8.1. Roo...

8.2CVSS6.2AI score0.00192EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-56539

Name of the Vulnerable Software and Affected Versions PasswordPusher versions prior to 2.8.1 Description Insufficient validation in the valid url function allows the application to accept data URI schemes in URL push payloads. This enables attackers to create malicious pushes containing...

8.2CVSS6.1AI score0.00192EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/11/07 5:50 p.m.15 views

CVE-2024-51989 Cross-site Scripting (XSS) Vulnerability in PasswordPusher

Password Pusher is an open source application to communicate sensitive information over the web. A cross-site scripting XSS vulnerability was identified in the PasswordPusher application, affecting versions v1.41.1 through and including v.1.48.0. The issue arises from an un-sanitized parameter...

7.1CVSS0.00333EPSS
Exploits0References1
OSV
OSV
added 2024/11/07 5:50 p.m.3 views

CVE-2024-51989 Cross-site Scripting (XSS) Vulnerability in PasswordPusher

Password Pusher is an open source application to communicate sensitive information over the web. A cross-site scripting XSS vulnerability was identified in the PasswordPusher application, affecting versions v1.41.1 through and including v.1.48.0. The issue arises from an un-sanitized parameter...

7.1CVSS5.8AI score0.00333EPSS
Exploits0References3
Rows per page
Query Builder