Lucene search

8434 matches found

Debian CVE
added 2022/12/22 12:0 a.m. · 108 views

CVE-2022-42927

A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries. This vulnerability affects Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4...

8.1 CVSS · 8.4 AI score · 0.00414 EPSS
Exploits 0

Debian CVE
added 2022/12/22 12:0 a.m. · 27 views

CVE-2022-22755

By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript within the bounds of the same-origin policy even after the tab was closed. This vulnerability affects Firefox 97...

8.8 CVSS · 9.4 AI score · 0.00586 EPSS
Exploits 0

Debian CVE
added 2022/12/22 12:0 a.m. · 36 views

CVE-2022-34475

SVG use tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed. This vulnerability affects...

6.1 CVSS · 7.9 AI score · 0.00395 EPSS
Exploits 0

CVE
added 2022/12/22 12:0 a.m. · 408 views

CVE-2022-22755

CVE-2022-22755 describes a vulnerability in Firefox

8.8 CVSS · 8.3 AI score · 0.00586 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2022/12/16 12:0 a.m. · 7 views

PT-2022-28033 · Unknown · Puhttpsniff

Name of the Vulnerable Software and Affected Versions: No specific software or version is mentioned in the provided descriptions. Description: The "puhttpsniff" service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker ...

8.8 CVSS · 9.2 AI score · 0.01203 EPSS
Exploits 0 · References 4

OSV
added 2022/12/15 7:15 p.m. · 6 views

CVE-2022-46692

A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy...

5.5 CVSS · 7.7 AI score
Exploits 0 · References 13

NVD
added 2022/12/15 7:15 p.m. · 21 views

CVE-2022-46692

A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy...

5.5 CVSS · 0.00197 EPSS
Exploits 0 · References 13

OSV
added 2022/12/15 7:15 p.m. · 3 views

DEBIAN-CVE-2022-46692

A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy...

5.5 CVSS · 6.7 AI score · 0.00197 EPSS
Exploits 0 · References 1

Prion
added 2022/12/15 7:15 p.m. · 21 views

Design/Logic Flaw

A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy...

1.9 CVSS · 5.8 AI score · 0.00197 EPSS
Exploits 0 · References 13 · Affected Software 7

CVE
added 2022/12/15 12:0 a.m. · 212 views

CVE-2022-46692

CVE-2022-46692 is a logic issue in WebKitGTK/WebKit causing a bypass of the Same Origin Policy when processing malicious web content. The Apple ecosystem fixes (Safari 16.2, iOS 16.2/iPadOS 16.2, macOS Ventura 13.1, watchOS 9.2, etc.) are documented in the initial CVE description. Connected advis...

5.5 CVSS · 5.9 AI score · 0.00197 EPSS
Exploits 0 · References 13 · Affected Software 7

Vulnrichment
added 2022/12/15 12:0 a.m. · 12 views

CVE-2022-46692

A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy...

4.7 AI score · 0.00197 EPSS
Exploits 0 · References 13

Cvelist
added 2022/12/15 12:0 a.m. · 23 views

CVE-2022-46692

A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy...

6.2 AI score · 0.00197 EPSS
Exploits 0 · References 13

Debian CVE
added 2022/12/15 12:0 a.m. · 35 views

CVE-2022-46692

A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy...

5.5 CVSS · 6.2 AI score · 0.00197 EPSS
Exploits 0

RedHat Linux
added 2022/12/13 4:8 p.m. · 1 views

Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy

The Mozilla Foundation Security Advisory describes this flaw as: When a ServiceWorker intercepted a request with FetchEvent, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec...

6.5 CVSS · 7.3 AI score · 0.00744 EPSS
Exploits 0 · References 6

Apple
added 2022/12/13 12:0 a.m. · 110 views

About the security content of iCloud for Windows 14.1

About the security content of iCloud for Windows 14.1 This document describes the security content of iCloud for Windows 14.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

7.8 CVSS · 8.1 AI score · 0.00905 EPSS
Exploits 0 · References 1 · Affected Software 1

Apple
added 2022/12/13 12:0 a.m. · 584 views

About the security content of Safari 16.2

About the security content of Safari 16.2 This document describes the security content of Safari 16.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

8.8 CVSS · 9 AI score · 0.34574 EPSS
Exploits 2 · References 1 · Affected Software 1

VulnCheck KEV
added 2022/12/13 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2022-46692

A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy...

5.5 CVSS · 6.8 AI score · 0.00197 EPSS
Exploits 0 · References 1

0day.today
added 2022/12/07 12:0 a.m. · 291 views

Evernote Web Clipper Same-Origin Policy Bypass Vulnerability

Evernote Web Clipper suffered from a same-origin policy bypass vulnerability. The link to the demo exploit was a 403 at the time of addition and has not been included in this post. Evernote: extension allows cross-origin iframe communication I happened to notice that the Evernote Web Clipper...

Exploits 0

wpexploit
added 2022/12/05 12:0 a.m. · 83 views

Contest Gallery < 19.1.5.1 - Author+ SQL Injection

The plugins do not escape the cgid POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST /wp-admin/admin-ajax.php?page=/index.php&editgallery=1&wpmad...

6.5 CVSS · 0.2 AI score · 0.00854 EPSS
Exploits 2 · References 1

Tenable Nessus
added 2022/12/05 12:0 a.m. · 59 views

Microsoft Edge (Chromium) < 108.0.1462.41 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 108.0.1462.41. It is, therefore, affected by multiple vulnerabilities as referenced in the December 5, 2022 advisory. - Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to...

8.8 CVSS · 7.4 AI score · 0.23918 EPSS
Exploits 3 · References 51