
19 matches found

RedHat Linux
added yesterday | 4 views

next.js: Next.js: Unauthorized access to protected content via middleware bypass

A flaw was found in Next.js. App Router applications that use middleware or proxy-based authorization checks are vulnerable to unauthorized access. A remote attacker can exploit this by crafting specific .rsc and segment-prefetch URLs, which bypass the intended middleware rules. This allows acces...

7.5 CVSS | 5.9 AI score | 0.01416 EPSS
Exploits 0 | References 5
RedhatCVE
added 4 days ago | 9 views

CVE-2026-11998

A flaw was found in AngularJS. The Strict Contextual Escaping (SCE) logic, designed to ensure only trusted values are used in security-sensitive contexts like resource URLs, can be bypassed. This bypass allows an attacker to use unsafe values as resource URLs, leading to arbitrary JavaScript...

7.6 CVSS | 5.9 AI score | 0.00338 EPSS
Exploits 0 | References 5
OSV
added 2026/06/24 9:16 p.m. | 2 views

UBUNTU-CVE-2026-11998

A flaw in AngularJS' Strict Contextual Escaping (SCE) logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

7.6 CVSS | 6 AI score | 0.00338 EPSS
Exploits 0 | References 4
EUVD
added 2026/06/24 8:29 p.m. | 6 views

EUVD-2026-39080

A flaw in AngularJS' Strict Contextual Escaping (SCE) logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

7.6 CVSS | 6.1 AI score | 0.00338 EPSS
Exploits 0 | References 2
Positive Technologies
added 2026/06/24 12:0 a.m. | 7 views

PT-2026-52086

Name of the Vulnerable Software and Affected Versions: AngularJS versions 1.2.0-rc.3 and later. Description: A flaw in the Strict Contextual Escaping (SCE) logic allows the bypass of policies for resource URLs, which can lead to arbitrary JavaScript execution in the victim's browser session. SCE is...

7.6 CVSS | 6 AI score | 0.00338 EPSS
Exploits 0 | References 10
Vulnrichment
added 2025/10/29 2:54 p.m. | 2 views

CVE-2023-32199 Rancher user retains access to clusters despite Global Role removal

A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a on in rule for resources or have a on ru...

4.3 CVSS | 6.4 AI score | 0.00208 EPSS
Exploits 0 | References 2
CVE
added 2024/08/21 2:47 p.m. | 59 views

CVE-2024-43371

CVE-2024-43371 describes a Server Side Request Forgery (SSRF) in CKAN via multiple plugins (XLoader, DataPusher, Resource proxy, ckanext-archiver) that fetch remote resources without validating the target URL. The underlying issue is that these plugins use the resource URL without restricting des...

6.5 CVSS | 4.8 AI score | 0.00345 EPSS
Exploits 0 | References 1 | Affected Software 1
Snyk
added 2024/07/10 3:10 p.m. | 3 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure via the embed feature. An attacker can access unpublished or private resource data by inferring the slug or URL of the resource that can be embedded. Note: This is only exploitable if the resource allows embedding a...

6.9 CVSS | 6.9 AI score | 0.00492 EPSS
Exploits 0 | References 2
SUSE CVE
added 2023/02/15 4:26 a.m. | 4 views

SUSE CVE-2018-12398

By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). This vulnerability affects Firefox 63...

6.5 CVSS | 8.5 AI score | 0.01617 EPSS
Exploits 0 | References 4
Veracode
added 2019/05/02 5:12 a.m. | 29 views

Denial Of Service (DoS)

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

7.5 CVSS | 9.6 AI score | 0.67135 EPSS
Exploits 3 | References 22 | Affected Software 2
OSV
added 2018/10/17 8:1 p.m. | 40 views

GHSA-V596-FWHQ-8X48 Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core, and org.springframework:spring-core

Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

5.3 CVSS | 5.3 AI score | 0.02857 EPSS
Exploits 0 | References 14
BDU FSTEC
added 2016/07/07 12:0 a.m. | 5 views

The vulnerability of the Firefox browser, which allows a remote attacker to execute arbitrary JavaScript code

The vulnerability of Firefox lies in the improper restriction of resource: URL. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code with privileges of a Chrome browser, thereby circumventing access control policies. This can be achieved, for example, by usi...

5 CVSS | 8.1 AI score | 0.67135 EPSS
Exploits 3 | References 3 | Affected Software 1
OpenVAS
added 2015/04/06 12:0 a.m. | 48 views

Mozilla Firefox Multiple Vulnerabilities-01 (Apr 2015) - Mac OS X

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

7.5 CVSS | 9.3 AI score | 0.67465 EPSS
Exploits 4 | References 11
Mageia
added 2015/04/03 1:11 p.m. | 51 views

Updated firefox & thunderbird packages fix security vulnerabilities

Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...

7.5 CVSS | 9.8 AI score | 0.67135 EPSS
Exploits 3 | References 8
OpenVAS
added 2015/04/02 12:0 a.m. | 29 views

RedHat Update for firefox RHSA-2015:0766-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 9.7 AI score | 0.67135 EPSS
Exploits 3 | References 2
RedHat Linux
added 2015/04/01 1:17 p.m. | 59 views

Important: Red Hat Security Advisory: thunderbird security update

An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

7.5 CVSS | 7.7 AI score | 0.67135 EPSS
Exploits 3 | References 7
RedHat Linux
added 2015/04/01 1:17 p.m. | 5 views

Mozilla: resource:// documents can load privileged pages (MFSA 2015-33)

A flaw was found in the way documents were loaded via resource URLs in, for example, Mozilla's PDF.js PDF file viewer. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Firefox...

5 CVSS | 7.6 AI score | 0.67135 EPSS
Exploits 3 | References 5
OSV
added 2015/04/01 12:0 a.m. | 3 views

UBUNTU-CVE-2015-0816

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as...

5 CVSS | 7.6 AI score | 0.67135 EPSS
Exploits 3 | References 5
Cent OS
added 2015/03/31 11:44 p.m. | 119 views

firefox, xulrunner security update

CentOS Errata and Security Advisory CESA-2015:0766. Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) bas...

7.5 CVSS | 7.7 AI score | 0.67135 EPSS
Exploits 3 | References 7