Lucene search
K

25 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.12 views

CVE-2026-39309

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...

5.5CVSS5.9AI score0.00176EPSS
Exploits0References1
NVD
NVD
added 2026/05/20 12:16 a.m.21 views

CVE-2026-39309

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...

5.5CVSS0.00176EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 11:54 p.m.42 views

CVE-2026-39309 Trilium Notes: macOS TCC Bypass via Prompt Spoofing

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...

5.5CVSS0.00176EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 11:54 p.m.8 views

CVE-2026-39309 Trilium Notes: macOS TCC Bypass via Prompt Spoofing

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...

5.5CVSS6.1AI score0.00176EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/19 11:54 p.m.13 views

EUVD-2026-31008

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...

5.5CVSS6.1AI score0.00176EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/19 11:54 p.m.11 views

CVE-2026-39309

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...

5.5CVSS6.1AI score0.00176EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/19 11:54 p.m.19 views

CVE-2026-39309

CVE-2026-39309 affects Trilium Notes before v0.102.2. The Electron configuration allows a RunAsNode fuse to launch the app in a special Node.js mode (-e) that can execute arbitrary commands with Trilium’s permissions, enabling a local attacker to spoof macOS TCC prompts. An attacker could trigger...

5.5CVSS6.1AI score0.00176EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.13 views

PT-2026-42026

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...

5.5CVSS6.1AI score0.00176EPSS
Exploits0References3
OSV
OSV
added 2026/04/14 1:10 p.m.3 views

JLSEC-2026-102 Interactive `run` permission prompt spoofing via improper ANSI neutralization

Summary Arbitrary program names without any ANSI filtering allows any malicious program to clear the first 2 lines of a opspawnchild or opkill prompt and replace it with any desired text. Details The main entry point comes down to the ability to override what the API control says 40process.js...

8.8CVSS7.2AI score0.01142EPSS
Exploits1References5
OSV
OSV
added 2026/04/14 1:10 p.m.3 views

JLSEC-2026-105 Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping

Summary A maliciously crafted permission request can show the spoofed permission prompt by inserting a broken ANSI escape sequence into the request contents. Details In the patch for CVE-2023-28446, Deno is stripping any ANSI escape sequences from the permission prompt, but permissions given to t...

8.8CVSS5.8AI score0.00943EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 9 : firefox-128.4.0-1.el9_4.ML.1 (AXSA:2024-8972:37)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8972:37 advisory. firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser CVE-2024-10464 firefox:...

9.8CVSS7AI score0.00809EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 9 : firefox-128.4.0-1.el9_5.ML.2 (AXSA:2024-9399:40)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9399:40 advisory. firefox: Use-after-free in Animation timeline 128.3.1 ESR Chemspill CVE-2024-9680 firefox: thunderbird: History interface could have been used to...

9.8CVSS8.2AI score0.32568EPSS
Exploits1References12
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

MiracleLinux 7 : firefox-91.3.0-1.0.1.el7.AXS7 (AXSA:2021-2530:32)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2530:32 advisory. Mozilla: Use-after-free in HTTP2 Session object Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 Mozilla: iframe sandbox rules d...

10CVSS8.6AI score0.0383EPSS
Exploits0References7
SUSE Linux
SUSE Linux
added 2024/11/04 11:15 a.m.3 views

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 128.4.0 ESR bsc1231879: CVE-2024-10458: Permission leak via embed or object elements CVE-2024-10459: Use-after-free in layout with accessibility CVE-2024-10460: Confusing display of origin for external...

9.8CVSS8.7AI score0.00809EPSS
Exploits0References22
Positive Technologies
Positive Technologies
added 2024/09/03 12:0 a.m.12 views

PT-2024-5893

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 130 Description The issue is related to the notification announcing the transition to fullscreen mode in Firefox on Android. Multiple prompts and panels from both Firefox and the Android OS could be used to obscure th...

9.8CVSS8.6AI score0.72648EPSS
Exploits43References730
SUSE CVE
SUSE CVE
added 2024/06/04 12:33 p.m.4 views

SUSE CVE-2023-22499

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...

7.5CVSS7.3AI score0.00601EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/03/06 9:5 p.m.14 views

CVE-2024-27936 Deno interactive permission prompt spoofing via improper ANSI stripping

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.41.0 of the deno library, maliciously crafted permission request can show the spoofed permission prompt by inserting a broken ANSI escape sequence into the request...

8.8CVSS7AI score0.00943EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/09/16 2:5 a.m.8 views

SUSE CVE-2023-4901

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS8.6AI score0.00717EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/06/02 5:15 p.m.11 views

CVE-2023-29533

A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 112, Focus for Android 112,...

4.3CVSS6.8AI score0.00564EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/03/15 12:0 a.m.5 views

PT-2023-2285 · Deno · Deno

Name of the Vulnerable Software and Affected Versions: Deno versions prior to 1.31.2 Description: The issue is related to the lack of filtering for special control characters in Deno, a runtime for JavaScript and TypeScript. This allows a malicious program to clear the first two lines of a prompt...

10CVSS8.8AI score0.01142EPSS
Exploits1References9
Rows per page
Query Builder