8 matches found

Prion
added 2022/02/01 1:15 p.m. | 18 views

Type confusion

The checkprivacysettings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web...

CVSS: 6.8 | AI score: 9.2 | EPSS: 0.17231
Exploits: 2 | References: 1 | Affected Software: 1

WPVulnDB
added 2022/01/26 12:0 a.m. | 23 views

WordPress GDPR & CCPA < 1.9.26 - Authenticated Reflected Cross-Site Scripting

The checkprivacysettings AJAX action of the plugin, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web browser led to this endpoint. Javascript...

CVSS: 9.6 | EPSS: 0.17231
Exploits: 2 | Affected Software: 1

Ubuntu
added 2019/07/17 10:22 p.m. | 221 views

USN-4064-1: Thunderbird vulnerabilities

A sandbox escape was discovered in Thunderbird. If a user were tricked into installing a malicious language pack, an attacker could exploit this to gain additional privileges. CVE-2019-9811 Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.18406
Exploits: 5

OpenVAS
added 2018/02/14 12:0 a.m. | 38 views

Ubuntu: Security Advisory (USN-3544-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 10 | AI score: 7.9 | EPSS: 0.3543
Exploits: 0 | References: 3

OSV
added 2016/05/10 7:59 p.m. | 7 views

CVE-2016-4554

mimeheader.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue...

CVSS: 8.6 | AI score: 8.4
Exploits: 0 | References: 17

Tenable Nessus
added 2016/02/12 12:0 a.m. | 29 views

Ubuntu 14.04 LTS : Firefox vulnerability (USN-2893-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2893-1 advisory. Jason Pang discovered that service workers intercept responses to plugin network requests made through the browser. An attacker could potentially exploit this to...

CVSS: 8.8 | AI score: 8.5 | EPSS: 0.00179
Exploits: 0 | References: 2

Ubuntu
added 2016/01/13 11:11 p.m. | 63 views

USN-2859-1: Thunderbird vulnerabilities

Andrei Vaida, Jesse Ruderman, Bob Clary, and Jesse Ruderman discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitra...

CVSS: 10 | AI score: 8.4 | EPSS: 0.15477
Exploits: 1

securityvulns
added 2009/04/23 12:0 a.m. | 75 views

Mozilla Foundation Security Advisory 2009-18

Mozilla Foundation Security Advisory 2009-18 Title: XSS hazard using third-party stylesheets and XBL bindings Impact: Low Announced: April 21, 2009 Reporter: Cefn Hoile Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.9 Description Web developer Cefn Hoile reported that sites which...

CVSS: 4.3 | AI score: 9.3 | EPSS: 0.01099
Exploits: 1