Lucene search
K

440 matches found

EUVD
EUVD
added 2026/02/27 3:34 p.m.5 views

EUVD-2026-9031

Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...

4.8CVSS6.1AI score0.00322EPSS
Exploits0References2
NVD
NVD
added 2026/02/27 3:16 p.m.11 views

CVE-2026-3327

Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...

4.8CVSS0.00322EPSS
Exploits0References1
OSV
OSV
added 2026/02/27 3:16 p.m.3 views

CVE-2026-3327

Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...

4.8CVSS6.1AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/27 2:9 p.m.6 views

CVE-2026-3327

Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...

4.8CVSS6.1AI score0.00322EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/27 2:9 p.m.7 views

CVE-2026-3327 Authenticated DatoCMS Web Previews Plugin Iframe Injection

Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...

4.8CVSS6.1AI score0.00322EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/27 2:9 p.m.24 views

CVE-2026-3327 Authenticated DatoCMS Web Previews Plugin Iframe Injection

Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...

4.8CVSS0.00322EPSS
Exploits0References1
CVE
CVE
added 2026/02/27 2:9 p.m.15 views

CVE-2026-3327

This CVE concerns the DatoCMS Web Previews plugin, where an authenticated user can perform an iframe injection by bypassing the frontend URL restriction. The root cause is an insecure handling of embedded resources in the Web Previews feature, affecting versions earlier than 1.0.31. Impact is the...

4.8CVSS6.1AI score0.00322EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.13 views

PT-2026-22341

Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...

4.8CVSS6.1AI score0.00322EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/21 1:28 a.m.5 views

CVE-2025-13672

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the...

7CVSS5.4AI score0.00202EPSS
Exploits1References1
NVD
NVD
added 2026/02/19 11:16 p.m.15 views

CVE-2026-26320

OpenClaw is a personal AI assistant. OpenClaw macOS desktop client registers the openclaw:// URL scheme. For openclaw://agent deep links without an unattended key, the app shows a confirmation dialog that previously displayed only the first 240 characters of the message, but executed the full...

7.1CVSS0.00426EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/19 10:36 p.m.3 views

CVE-2025-13672 Reflected Cross-Site Scripting discovered in OpenText WSM Management Server.

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the...

7CVSS5.3AI score0.00202EPSS
Exploits1References1
OSV
OSV
added 2026/02/19 7:10 p.m.6 views

CVE-2026-26192 Open WebUI vulnerable to Stored XSS via iFrame in citations model

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.7.0, aanually modifying chat history allows setting the html property within document metadata. This causes the frontend to enter a code path that treats document contents as HTML...

7.3CVSS5.6AI score0.00194EPSS
Exploits1References4
OSV
OSV
added 2026/02/16 4:31 p.m.5 views

BIT-GITLAB-2026-1456 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger exponential processin...

7.5CVSS5.6AI score0.00364EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/13 1:30 a.m.5 views

CVE-2026-20673

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. Turning off "Load remote content in messages” may not apply to all mail previews...

5.3CVSS5.9AI score0.00309EPSS
Exploits0References1
OSV
OSV
added 2026/02/11 11:16 p.m.3 views

CVE-2026-20673

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4. Turning off "Load remote content in messages” may not apply to all mail previews...

5.3CVSS5.8AI score0.00309EPSS
Exploits0References4
NVD
NVD
added 2026/02/11 11:16 p.m.11 views

CVE-2026-20673

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. Turning off "Load remote content in messages” may not apply to all mail previews...

5.3CVSS0.00309EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/11 10:58 p.m.23 views

CVE-2026-20673

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. Turning off "Load remote content in messages” may not apply to all mail previews...

0.00309EPSS
Exploits0References4
CVE
CVE
added 2026/02/11 10:58 p.m.24 views

CVE-2026-20673

CVE-2026-20673 is a logic-issue vulnerability in Apple Mail that is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4, and iOS/iPadOS 18.7.5. The issue centers on improved checks in the Mail component; turning off “Load remote content in messages” may not apply to all mail prev...

5.3CVSS5.9AI score0.00309EPSS
Exploits0References4Affected Software3
Vulnrichment
Vulnrichment
added 2026/02/11 10:58 p.m.3 views

CVE-2026-20673

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4. Turning off "Load remote content in messages” may not apply to all mail previews...

5.5AI score0.00309EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/11 10:58 p.m.7 views

EUVD-2026-5922

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4. Turning off "Load remote content in messages” may not apply to all mail previews...

5.3CVSS5.5AI score0.00309EPSS
Exploits0References4
Rows per page
Query Builder