36 matches found
CVE-2026-40289 PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions
PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge praisonai browser start is vulnerable to unauthenticated remote session hijacking due to missing authentication and a bypassable origin check on its /ws WebSocket...
CVE-2025-66486
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
CVE-2025-9868
Server-Side Request Forgery SSRF in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attackers to exfiltrate proxy repository credentials via crafted HTTP requests...
CVE-2025-9868
Server-Side Request Forgery SSRF in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attackers to exfiltrate proxy repository credentials via crafted HTTP requests...
CVE-2025-9868
The vulnerability is a Server-Side Request Forgery (SSRF) in the Remote Browser Plugin of Sonatype Nexus Repository 2.x, up to and including 2.15.2. The issue allows unauthenticated remote attackers to exfiltrate proxy repository credentials by crafting HTTP requests. The root cause is SSRF in th...
EUVD-2025-33291
Server-Side Request Forgery SSRF in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attackers to exfiltrate proxy repository credentials via crafted HTTP requests...
CVE-2025-9868 Nexus Repository 2 - SSRF Vulnerability in Remote Browser Plugin
Server-Side Request Forgery SSRF in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attackers to exfiltrate proxy repository credentials via crafted HTTP requests...
CVE-2025-9868 Nexus Repository 2 - SSRF Vulnerability in Remote Browser Plugin
Server-Side Request Forgery SSRF in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attackers to exfiltrate proxy repository credentials via crafted HTTP requests...
PT-2025-41292
Name of the Vulnerable Software and Affected Versions Sonatype Nexus Repository versions 2.0 through 2.15.2 Description A Server-Side Request Forgery SSRF exists in the Remote Browser Plugin. This allows unauthenticated remote attackers to extract proxy repository credentials via crafted HTTP...
Sonatype Nexus Repository 安全漏洞
Sonatype Nexus Repository is a repository manager from Sonatype, Inc. that is used to manage, store, and distribute software, among other things. A security vulnerability exists in Sonatype Nexus Repository version 2.15.2 and earlier, which stems from a server-side request forgery in the Remote...
CVE-2009-20002
Millenium MP3 Studio versions up to and including 2.0 is vulnerable to a stack-based buffer overflow when parsing .pls playlist files. The application fails to properly validate the length of the File1 field within the playlist, allowing an attacker to craft a malicious .pls file that overwrites...
PT-2025-34300 · Unknown · Millenium Mp3 Studio
Name of the Vulnerable Software and Affected Versions: Millenium MP3 Studio versions through 2.0 Description: Millenium MP3 Studio versions up to and including 2.0 are vulnerable to a stack-based buffer overflow when parsing .pls playlist files. The application does not properly validate the leng...
How 'Browser-in-the-Middle' Attacks Steal Sessions in Seconds
Would you expect an end user to log on to a cybercriminal's computer, open their browser, and type in their usernames and passwords? Hopefully not! But that's essentially what happens if they fall victim to a Browser-in-the-Middle BitM attack. Like Man-in-the-Middle MitM attacks, BiTM sees...
Cloud || Remote Browser Isolation most of the time not working
Users getting black screen. Or connection was closed screen...
The Next Generation of RBI (Remote Browser Isolation)
The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today's SaaS-centric world...
CVE-2023-27864
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 249327...
PT-2023-21382 · Ibm · Ibm Maximo Asset Management
Name of the Vulnerable Software and Affected Versions: IBM Maximo Asset Management versions 7.6.1.2 through 7.6.1.3 Description: The issue allows a remote attacker to inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the...
webTareas Code Issues Vulnerabilities
webTareas is a web-based open source collaboration tool. The product supports features such as project management, bug tracking, content management and meeting management. A security vulnerability exists in webTareas 2.4 and earlier versions that allows an attacker to exploit the platform by...
webTareas 代码问题漏洞
webTareas is a web-based open source collaboration tool. The product supports features such as project management, bug tracking, content management and meeting management. A security vulnerability exists in webTareas 2.4 and earlier versions that allows an attacker to exploit the platform by...
How Zero Trust and SASE Can Redefine Network Defenses for Remote Workforces
Zero Trust has been touted for years as the future of network security. But, only recently has it started to gain traction as a practical enterprise security framework. The implementation of digital transformation initiatives has thrust Zero Trust into the spotlight as network applications and...